datawatch server - visualization edition 12.6, installation ...€¦ · this document describes how...
TRANSCRIPT
This document describes how to install Datawatch Server - Visualization Edition and use it for the first time
It also provides important tips on troubleshooting your installation
Datawatch Corporation makes no representation or warranties with respect to the contents of this manual or the associated software and especially disclaims any implied warranties of merchantability or fitness for any particular purpose Further Datawatch Corporation reserves the right to revise this publication and make changes from time to time to its contents without obligation to notify anyone of such revisions or changes
Datawatch Desktop software is offered and is to be used in accordance with a SOFTWARE LICENSE AND MAINTENANCE AGREEMENT This agreement stipulates that this software be used only in the computer system designated in that agreement The agreement further stipulates that the customer shall not copy or alter or permit others to copy or alter the software or related materials in whole or in part in any media for any purpose except to make an archive (back-up) copy or to make a copy as an essential step in the use of the software with the customers computer
Datawatch Corporation hereby grants the buyer the right to reprint this documentation for internal uses only No part of this publication may be reproduced stored in a retrieval system or transmitted in any form or by any means electronic mechanical photocopying recording or otherwise for any other purposes without the prior written permission of Datawatch Corporation
Datawatch Server - Visualization Edition Installation and Troubleshooting Guide v126 January 2015 Copyright copy 2015 by Datawatch Corporation All rights reserved Printed in the USA Unpublished - Rights reserved under the copyright law of the United States
Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation Other products mentioned herein may be trademarks or registered
trademarks of their respective owners in the United States or other countries
For US Government End Users the software is a ldquoCommercial Item(s)rdquo as that term is defined at 48 CFR Section 2101 consisting of ldquoCommercial Computer Softwarerdquo and ldquoCommercial Computer Software Documentationrdquo as such terms are used in 48 CFR Section 12212 or 48 CFR Section 2277202 as applicable Consistent with 48 CFR Section 12212 or 48 CFR Sections 2277202-1 through 2277202-4 as applicable the Commercial Computer Software and Commercial Computer Software Documentation are being licensed to US Government end users (a) only as Commercial Items and (b) with only those rights as are granted to all other end users pursuant to the Datawatch Software License and Maintenance Agreement
Datawatch Corporation 271 Mill Rd Quorum Office Park Chelmsford MA 01824 USA Tel 9784412200(800) 4453311 Fax 9784411114 Sales salesdatawatchcom Support supportdatawatchcom
Australia
Datawatch Pty Ltd World Tower 160387 Liverpool Street Sydney NSW 2000 Australia Tel 61 2 8373 5244 E-Mail sales_audatawatchcom
Germany
Datawatch GmbH Leopoldstrasse 244 80807 Muumlnchen Germany Tel 49 89 208 039 528 Sales germanydatawatchcom
Singapore
Datawatch Analytics (Singapore) Pte Ltd 60B Pagoda Street Singapore 059219 Tel 65 6513 3398
United Kingdom
Datawatch International Ltd Siena Court Broadway Maidenhead Berkshire United Kingdom SL6 1NJ Tel +44 845 362 3270 Sales sales_eurodatawatchcom
[1] Overview 1
Installation Packages 1
Datawatch Server - Visualization Editions 2
Licensing 2
System Requirements 3
For NET Edition 3
For Java Edition 3
[2] Installation of Datawatch Server ndash Visualization Edition for NET 5
Setting up prerequisites 5
Installing Datawatch Server ndash Visualization Edition for NET 7
NET Data Connectors Third Party Software Installation 10
StreamBase 71 10
StreamBase LiveView 15 10
SAP Sybase ESP and JMS 11
OneTick 11
Thomson Reuters TREP-RT 12
IBM Cognos TM1 12
Perfmon 12
Other Connectors 12
Datawatch Server - Visualization Edition for NET MS IIS Configuration 13
File Permissions 13
MS IIS Web Server Authentication Schemes 14
MS IIS ndash Application Pool Settings 16
Connecting to 32-bit Data Sources on a 64-bit Edition of Windows 16
Application Pool Idle Time Out and Recycle Settings 18
Application Pool Identity Settings 19
Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments 20
[3] Installation of Datawatch Server ndash Visualization Edition for Java 21
Addition of Metro to Tomcat 23
Installing Datawatch Server - Visualization Edition for Java on Tomcat 25
Configuring Java server Logs 26
Increase Java Heap size for Tomcat 28
Java Data Connectors ndash Third Party Software Installation 29
[4] Server Caches amp Configuration 31
NET Server 32
Java Server 34
R and Python Transform Support 35
R Integration 35
Python Integration 37
[5] Running Datawatch Server ndash Visualization Edition for the First Time 38
For the NET Edition 38
For the Java Edition 42
Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files 45
[6] Upgrading 46
Upgrading Datawatch Server - Visualization Edition for NET 46
Upgrading 46
Uninstalling and Re-Installing 46
Upgrading Datawatch Server - Visualization Edition for Java 46
[7] Advanced Server Deployments 47
Usage in SSL Enabled Environments 47
Network Address Translation 47
NET Server 47
Java Server 48
Reverse Proxy Server Usage49
SSL Off-Loading to the Reverse Proxy 49
Forms Based Authentication 50
Single Sign On (SSO) 51
NET SSO 51
Java SSO 51
Datawatch Server ndash Visualization Edition for Java - Active Directory Integration 53
Split Server DMZ Deployment 54
Split NET Deployment 54
Split Java Deployment 54
[8] Troubleshooting 59
Files for Testing and Diagnostics 59
Resolving Installation Issues 60
Server Log 60
Log Variables Displayed as ldquonullrdquo 60
[9] Known Issues 61
Datawatch Server - Visualization Edition Will Not Install 61
Server Error HTTP Error 50019 Interval Server Error 63
The Requested Service Could Not Be Activated 65
Server Error on License Addition 67
Faulted State ndash Server Error ndash Unable to Generate a Temporary Class 68
Server Error ndash Failed to Access IIS Metabase 69
There Was No Endpoint Listening 70
HTTP 401 type error message (Unauthorized) when logging in 72
Unable to load data Unable to load plugin with iD 73
Out of Memory Exception 74
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
1
Datawatch includes five separate installation packages
Datawatch Desktop Designer (Datawatch Designer) 32-bit
Datawatch Desktop Designer (Datawatch Designer) 64-bit
Datawatch Server ndash Visualization Edition NET Server 32-bit
Datawatch Server ndash Visualization Edition NET Server 64-bit
Datawatch Server ndash Visualization Edition Java
The Datawatch Desktop Designer program can be used on its own without being connected to
the Datawatch Server ndash Visualization Edition component Desktop Designer allows users to design and use new Desktop Designer Workbooks and Dashboards and also publish to the web
Datawatch Server ndashVisualization Edition is the best way make Desktop Designer Workbooks and Dashboards available to large numbers of users
IMPORTANT For optimal scalability and user experience Datawatch Server ndash Visualization Edition is recommended to be installed on a Server environment Although basic functionality works on desktops (ie Windows 7 8 etc) those should be for demo purposes only
Both components are licensed to provide data connectivity and visualization options
A typical installation scenario is to provide authors with copies of Desktop Designer They develop new Workbooks and Dashboards based on user requirements and then publish them to Server Most business users then access the system over the web with no local software installation needed
NOTE
This document describes how to install Datawatch Server ndash Visualization Edition
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
2
The three Datawatch Server ndash Visualization Editions (Java and NET 32-bit 64-bit) do not have equal functional scope Specifically the Datawatch Server - Visualization Edition for Java
Supports only the following Data Connectors
Database (via JDBC JNDI)
Excel
SVG
Text XML JSON OData
Apache ActiveMQ
Kx kdb+ amp kdb+tick
SAP Sybase Aleri
Streambase CEP amp LiveView
One Market Data OneTick amp OneTick CEP
Requires that published workbooks using database connectivity include JDBCJNDI
connection settings
Supports Java applet delivery HTML Dashboards are not created if Java is not available
Does not provide example Workbooks These must be published from a connected Desktop Designer
Licensing within Datawatch Server ndash Visualization Edition relies on a XML file which is used to store all license information for a specific customer
The license is delivered in a file named DatawatchLicensexml We deliver this license file separately from the installation packages To use the Datawatch product the license file must
be stored locally Select the location of the license file when prompted during the installation
process
License files are required for both the Desktop Designer and Server components
Note that if you install Desktop Designer for stand-alone use it will request activation through entering a separate license key during first use If you install Desktop Designer for use with the Server component the Desktop Designer software will retrieve its license automatically
from the Server Datawatch Server - Visualization Edition allows the systems administrator to copy the license file to the designated License folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
3
The Datawatch Server - Visualization Edition for NET is supported on Microsoft Windows operating systems including
Windows Vista (with IIS) ndash For Development Environments Only
Windows 7 (with IIS) ndash For Development Environments Only
Windows 881 (with IIS) ndash For Development Environments Only
Windows Server 2008
Windows Server 2012
IMPORTANT Datawatch Server - Visualization Edition for NET require Microsoft NET
Framework 45 or above
It is best to install the IIS web server before installing Microsoft NET Framework 45 If you install the NET Framework first it may not register itself correctly with the server
These can be physical or virtualized systems Further information on minimum configurations is listed in the Desktop Designer amp Server Reference Guide
To support R data transforms amp connectivity it also requires
R
R Serve
Additional libraries as required for specific capabilities
To support Python data transforms amp connectivity it also requires
CPython
Pyro 424 425 (Python Remote Data Objects)
Additional modules such as Numpy Scipy and Pandas as required for specific capabilities
Datawatch Server - Visualization Edition for Java is supported on these operating systems
LINUX (Red Hat) on x86
LINUX (SUSE) on x86
Windows Vista ndash For Development Environments Only
Windows 7ndash For Development Environments Only
Windows 8 ndash For Development Environments Only
Windows Server 2008
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
4
Windows Server 2012
Datawatch Server - Visualization Edition for Java also requires
Apache Tomcat 7
Apache Tomcat 8
Java Metro Web Service Stack ( httpmetrojavanet )
Version 22 is still supported but version 23 is recommended
You must separately have installed OLE DB (or ODBCJDBC) drivers for your data repository (databases and other sources) in order for Desktop Designer to connect to your data
The Desktop Designer Analyst (Java) can be accessed from any Windows machine running that supports Java applets with a Java Virtual Machine (JVM) of version 7 or above Download the latest version of the Java Virtual Machine at httpjavacomgetjava
IMPORTANT Datawatch Server - Visualization Edition requires administrative privileges during installation Administrative privileges are not required after installation is complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
5
Datawatch Server - Visualization Edition for NET is the NET edition of the server component for the Datawatch Visual Data Discovery system The install files consist of
Readmetxt
Installation Guide
Setupexe
Datawatch MSI
(DatawatchVisualizationServerx86msi DatawatchVisualizationServerx64msi)
Register_NET_With_IISbat
Register_WCFbat
Before installing Datawatch Server ndash Visualization Edition for NET Server install the following prerequisites in this order to ensure that they register correctly with the Server
1 Microsoft IIS web server
2 Microsoft NET Framework 45
Register this with the IIS web server
Steps
1 Install Microsoft IIS Server
Control Panel gt Programs and Features gt Turn Windows Features on or off
The Windows Features dialog displays
NOTE
The graphic interface looks different on workstation versions of Windows (Windows 7) compared to server versions (Server 2008 or 2012)
2 Turn on the following features
NET Framework 35 (includes NET 20 and 30)
Windows Communication Foundation HTTP Activation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
6
Windows Communication Foundation Non-HTTP Activation
NET Framework 45 Advanced Services (if available)
ASPNET 45 (if available)
WCF Services (if available)
Internet Information Services
Web Management Tools
IIS Management Console
IIS Management Scripts amp Tools
IIS Management Service
World Wide Web Services
Application Development Features
NET Extensibility
ASP
ASPNET
Common HTTP Features
Security
Windows Authentication
NOTE
Requires a Professional or Server version of Windows
3 Click OK or Install to make changes to the features You can now install Datawatch
Server ndash Visualization Edition for NET
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
7
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
2 The Welcome dialog displays
3 Click Next The License Agreement displays
4 Read the software license select I accepthellip and click Next
The Select Installation Address dialog displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
8
5 Select the Virtual Directory in the Default Web Site By default this is
panopticonex
6 Select the required Application Pool By default this is
DefaultAppPool
7 Click Next The Ready to Install dialog displays
8 Click Install to confirm the installation You will be informed about the progress of the
installation process
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Corporation makes no representation or warranties with respect to the contents of this manual or the associated software and especially disclaims any implied warranties of merchantability or fitness for any particular purpose Further Datawatch Corporation reserves the right to revise this publication and make changes from time to time to its contents without obligation to notify anyone of such revisions or changes
Datawatch Desktop software is offered and is to be used in accordance with a SOFTWARE LICENSE AND MAINTENANCE AGREEMENT This agreement stipulates that this software be used only in the computer system designated in that agreement The agreement further stipulates that the customer shall not copy or alter or permit others to copy or alter the software or related materials in whole or in part in any media for any purpose except to make an archive (back-up) copy or to make a copy as an essential step in the use of the software with the customers computer
Datawatch Corporation hereby grants the buyer the right to reprint this documentation for internal uses only No part of this publication may be reproduced stored in a retrieval system or transmitted in any form or by any means electronic mechanical photocopying recording or otherwise for any other purposes without the prior written permission of Datawatch Corporation
Datawatch Server - Visualization Edition Installation and Troubleshooting Guide v126 January 2015 Copyright copy 2015 by Datawatch Corporation All rights reserved Printed in the USA Unpublished - Rights reserved under the copyright law of the United States
Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation Other products mentioned herein may be trademarks or registered
trademarks of their respective owners in the United States or other countries
For US Government End Users the software is a ldquoCommercial Item(s)rdquo as that term is defined at 48 CFR Section 2101 consisting of ldquoCommercial Computer Softwarerdquo and ldquoCommercial Computer Software Documentationrdquo as such terms are used in 48 CFR Section 12212 or 48 CFR Section 2277202 as applicable Consistent with 48 CFR Section 12212 or 48 CFR Sections 2277202-1 through 2277202-4 as applicable the Commercial Computer Software and Commercial Computer Software Documentation are being licensed to US Government end users (a) only as Commercial Items and (b) with only those rights as are granted to all other end users pursuant to the Datawatch Software License and Maintenance Agreement
Datawatch Corporation 271 Mill Rd Quorum Office Park Chelmsford MA 01824 USA Tel 9784412200(800) 4453311 Fax 9784411114 Sales salesdatawatchcom Support supportdatawatchcom
Australia
Datawatch Pty Ltd World Tower 160387 Liverpool Street Sydney NSW 2000 Australia Tel 61 2 8373 5244 E-Mail sales_audatawatchcom
Germany
Datawatch GmbH Leopoldstrasse 244 80807 Muumlnchen Germany Tel 49 89 208 039 528 Sales germanydatawatchcom
Singapore
Datawatch Analytics (Singapore) Pte Ltd 60B Pagoda Street Singapore 059219 Tel 65 6513 3398
United Kingdom
Datawatch International Ltd Siena Court Broadway Maidenhead Berkshire United Kingdom SL6 1NJ Tel +44 845 362 3270 Sales sales_eurodatawatchcom
[1] Overview 1
Installation Packages 1
Datawatch Server - Visualization Editions 2
Licensing 2
System Requirements 3
For NET Edition 3
For Java Edition 3
[2] Installation of Datawatch Server ndash Visualization Edition for NET 5
Setting up prerequisites 5
Installing Datawatch Server ndash Visualization Edition for NET 7
NET Data Connectors Third Party Software Installation 10
StreamBase 71 10
StreamBase LiveView 15 10
SAP Sybase ESP and JMS 11
OneTick 11
Thomson Reuters TREP-RT 12
IBM Cognos TM1 12
Perfmon 12
Other Connectors 12
Datawatch Server - Visualization Edition for NET MS IIS Configuration 13
File Permissions 13
MS IIS Web Server Authentication Schemes 14
MS IIS ndash Application Pool Settings 16
Connecting to 32-bit Data Sources on a 64-bit Edition of Windows 16
Application Pool Idle Time Out and Recycle Settings 18
Application Pool Identity Settings 19
Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments 20
[3] Installation of Datawatch Server ndash Visualization Edition for Java 21
Addition of Metro to Tomcat 23
Installing Datawatch Server - Visualization Edition for Java on Tomcat 25
Configuring Java server Logs 26
Increase Java Heap size for Tomcat 28
Java Data Connectors ndash Third Party Software Installation 29
[4] Server Caches amp Configuration 31
NET Server 32
Java Server 34
R and Python Transform Support 35
R Integration 35
Python Integration 37
[5] Running Datawatch Server ndash Visualization Edition for the First Time 38
For the NET Edition 38
For the Java Edition 42
Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files 45
[6] Upgrading 46
Upgrading Datawatch Server - Visualization Edition for NET 46
Upgrading 46
Uninstalling and Re-Installing 46
Upgrading Datawatch Server - Visualization Edition for Java 46
[7] Advanced Server Deployments 47
Usage in SSL Enabled Environments 47
Network Address Translation 47
NET Server 47
Java Server 48
Reverse Proxy Server Usage49
SSL Off-Loading to the Reverse Proxy 49
Forms Based Authentication 50
Single Sign On (SSO) 51
NET SSO 51
Java SSO 51
Datawatch Server ndash Visualization Edition for Java - Active Directory Integration 53
Split Server DMZ Deployment 54
Split NET Deployment 54
Split Java Deployment 54
[8] Troubleshooting 59
Files for Testing and Diagnostics 59
Resolving Installation Issues 60
Server Log 60
Log Variables Displayed as ldquonullrdquo 60
[9] Known Issues 61
Datawatch Server - Visualization Edition Will Not Install 61
Server Error HTTP Error 50019 Interval Server Error 63
The Requested Service Could Not Be Activated 65
Server Error on License Addition 67
Faulted State ndash Server Error ndash Unable to Generate a Temporary Class 68
Server Error ndash Failed to Access IIS Metabase 69
There Was No Endpoint Listening 70
HTTP 401 type error message (Unauthorized) when logging in 72
Unable to load data Unable to load plugin with iD 73
Out of Memory Exception 74
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
1
Datawatch includes five separate installation packages
Datawatch Desktop Designer (Datawatch Designer) 32-bit
Datawatch Desktop Designer (Datawatch Designer) 64-bit
Datawatch Server ndash Visualization Edition NET Server 32-bit
Datawatch Server ndash Visualization Edition NET Server 64-bit
Datawatch Server ndash Visualization Edition Java
The Datawatch Desktop Designer program can be used on its own without being connected to
the Datawatch Server ndash Visualization Edition component Desktop Designer allows users to design and use new Desktop Designer Workbooks and Dashboards and also publish to the web
Datawatch Server ndashVisualization Edition is the best way make Desktop Designer Workbooks and Dashboards available to large numbers of users
IMPORTANT For optimal scalability and user experience Datawatch Server ndash Visualization Edition is recommended to be installed on a Server environment Although basic functionality works on desktops (ie Windows 7 8 etc) those should be for demo purposes only
Both components are licensed to provide data connectivity and visualization options
A typical installation scenario is to provide authors with copies of Desktop Designer They develop new Workbooks and Dashboards based on user requirements and then publish them to Server Most business users then access the system over the web with no local software installation needed
NOTE
This document describes how to install Datawatch Server ndash Visualization Edition
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
2
The three Datawatch Server ndash Visualization Editions (Java and NET 32-bit 64-bit) do not have equal functional scope Specifically the Datawatch Server - Visualization Edition for Java
Supports only the following Data Connectors
Database (via JDBC JNDI)
Excel
SVG
Text XML JSON OData
Apache ActiveMQ
Kx kdb+ amp kdb+tick
SAP Sybase Aleri
Streambase CEP amp LiveView
One Market Data OneTick amp OneTick CEP
Requires that published workbooks using database connectivity include JDBCJNDI
connection settings
Supports Java applet delivery HTML Dashboards are not created if Java is not available
Does not provide example Workbooks These must be published from a connected Desktop Designer
Licensing within Datawatch Server ndash Visualization Edition relies on a XML file which is used to store all license information for a specific customer
The license is delivered in a file named DatawatchLicensexml We deliver this license file separately from the installation packages To use the Datawatch product the license file must
be stored locally Select the location of the license file when prompted during the installation
process
License files are required for both the Desktop Designer and Server components
Note that if you install Desktop Designer for stand-alone use it will request activation through entering a separate license key during first use If you install Desktop Designer for use with the Server component the Desktop Designer software will retrieve its license automatically
from the Server Datawatch Server - Visualization Edition allows the systems administrator to copy the license file to the designated License folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
3
The Datawatch Server - Visualization Edition for NET is supported on Microsoft Windows operating systems including
Windows Vista (with IIS) ndash For Development Environments Only
Windows 7 (with IIS) ndash For Development Environments Only
Windows 881 (with IIS) ndash For Development Environments Only
Windows Server 2008
Windows Server 2012
IMPORTANT Datawatch Server - Visualization Edition for NET require Microsoft NET
Framework 45 or above
It is best to install the IIS web server before installing Microsoft NET Framework 45 If you install the NET Framework first it may not register itself correctly with the server
These can be physical or virtualized systems Further information on minimum configurations is listed in the Desktop Designer amp Server Reference Guide
To support R data transforms amp connectivity it also requires
R
R Serve
Additional libraries as required for specific capabilities
To support Python data transforms amp connectivity it also requires
CPython
Pyro 424 425 (Python Remote Data Objects)
Additional modules such as Numpy Scipy and Pandas as required for specific capabilities
Datawatch Server - Visualization Edition for Java is supported on these operating systems
LINUX (Red Hat) on x86
LINUX (SUSE) on x86
Windows Vista ndash For Development Environments Only
Windows 7ndash For Development Environments Only
Windows 8 ndash For Development Environments Only
Windows Server 2008
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
4
Windows Server 2012
Datawatch Server - Visualization Edition for Java also requires
Apache Tomcat 7
Apache Tomcat 8
Java Metro Web Service Stack ( httpmetrojavanet )
Version 22 is still supported but version 23 is recommended
You must separately have installed OLE DB (or ODBCJDBC) drivers for your data repository (databases and other sources) in order for Desktop Designer to connect to your data
The Desktop Designer Analyst (Java) can be accessed from any Windows machine running that supports Java applets with a Java Virtual Machine (JVM) of version 7 or above Download the latest version of the Java Virtual Machine at httpjavacomgetjava
IMPORTANT Datawatch Server - Visualization Edition requires administrative privileges during installation Administrative privileges are not required after installation is complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
5
Datawatch Server - Visualization Edition for NET is the NET edition of the server component for the Datawatch Visual Data Discovery system The install files consist of
Readmetxt
Installation Guide
Setupexe
Datawatch MSI
(DatawatchVisualizationServerx86msi DatawatchVisualizationServerx64msi)
Register_NET_With_IISbat
Register_WCFbat
Before installing Datawatch Server ndash Visualization Edition for NET Server install the following prerequisites in this order to ensure that they register correctly with the Server
1 Microsoft IIS web server
2 Microsoft NET Framework 45
Register this with the IIS web server
Steps
1 Install Microsoft IIS Server
Control Panel gt Programs and Features gt Turn Windows Features on or off
The Windows Features dialog displays
NOTE
The graphic interface looks different on workstation versions of Windows (Windows 7) compared to server versions (Server 2008 or 2012)
2 Turn on the following features
NET Framework 35 (includes NET 20 and 30)
Windows Communication Foundation HTTP Activation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
6
Windows Communication Foundation Non-HTTP Activation
NET Framework 45 Advanced Services (if available)
ASPNET 45 (if available)
WCF Services (if available)
Internet Information Services
Web Management Tools
IIS Management Console
IIS Management Scripts amp Tools
IIS Management Service
World Wide Web Services
Application Development Features
NET Extensibility
ASP
ASPNET
Common HTTP Features
Security
Windows Authentication
NOTE
Requires a Professional or Server version of Windows
3 Click OK or Install to make changes to the features You can now install Datawatch
Server ndash Visualization Edition for NET
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
7
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
2 The Welcome dialog displays
3 Click Next The License Agreement displays
4 Read the software license select I accepthellip and click Next
The Select Installation Address dialog displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
8
5 Select the Virtual Directory in the Default Web Site By default this is
panopticonex
6 Select the required Application Pool By default this is
DefaultAppPool
7 Click Next The Ready to Install dialog displays
8 Click Install to confirm the installation You will be informed about the progress of the
installation process
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Australia
Datawatch Pty Ltd World Tower 160387 Liverpool Street Sydney NSW 2000 Australia Tel 61 2 8373 5244 E-Mail sales_audatawatchcom
Germany
Datawatch GmbH Leopoldstrasse 244 80807 Muumlnchen Germany Tel 49 89 208 039 528 Sales germanydatawatchcom
Singapore
Datawatch Analytics (Singapore) Pte Ltd 60B Pagoda Street Singapore 059219 Tel 65 6513 3398
United Kingdom
Datawatch International Ltd Siena Court Broadway Maidenhead Berkshire United Kingdom SL6 1NJ Tel +44 845 362 3270 Sales sales_eurodatawatchcom
[1] Overview 1
Installation Packages 1
Datawatch Server - Visualization Editions 2
Licensing 2
System Requirements 3
For NET Edition 3
For Java Edition 3
[2] Installation of Datawatch Server ndash Visualization Edition for NET 5
Setting up prerequisites 5
Installing Datawatch Server ndash Visualization Edition for NET 7
NET Data Connectors Third Party Software Installation 10
StreamBase 71 10
StreamBase LiveView 15 10
SAP Sybase ESP and JMS 11
OneTick 11
Thomson Reuters TREP-RT 12
IBM Cognos TM1 12
Perfmon 12
Other Connectors 12
Datawatch Server - Visualization Edition for NET MS IIS Configuration 13
File Permissions 13
MS IIS Web Server Authentication Schemes 14
MS IIS ndash Application Pool Settings 16
Connecting to 32-bit Data Sources on a 64-bit Edition of Windows 16
Application Pool Idle Time Out and Recycle Settings 18
Application Pool Identity Settings 19
Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments 20
[3] Installation of Datawatch Server ndash Visualization Edition for Java 21
Addition of Metro to Tomcat 23
Installing Datawatch Server - Visualization Edition for Java on Tomcat 25
Configuring Java server Logs 26
Increase Java Heap size for Tomcat 28
Java Data Connectors ndash Third Party Software Installation 29
[4] Server Caches amp Configuration 31
NET Server 32
Java Server 34
R and Python Transform Support 35
R Integration 35
Python Integration 37
[5] Running Datawatch Server ndash Visualization Edition for the First Time 38
For the NET Edition 38
For the Java Edition 42
Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files 45
[6] Upgrading 46
Upgrading Datawatch Server - Visualization Edition for NET 46
Upgrading 46
Uninstalling and Re-Installing 46
Upgrading Datawatch Server - Visualization Edition for Java 46
[7] Advanced Server Deployments 47
Usage in SSL Enabled Environments 47
Network Address Translation 47
NET Server 47
Java Server 48
Reverse Proxy Server Usage49
SSL Off-Loading to the Reverse Proxy 49
Forms Based Authentication 50
Single Sign On (SSO) 51
NET SSO 51
Java SSO 51
Datawatch Server ndash Visualization Edition for Java - Active Directory Integration 53
Split Server DMZ Deployment 54
Split NET Deployment 54
Split Java Deployment 54
[8] Troubleshooting 59
Files for Testing and Diagnostics 59
Resolving Installation Issues 60
Server Log 60
Log Variables Displayed as ldquonullrdquo 60
[9] Known Issues 61
Datawatch Server - Visualization Edition Will Not Install 61
Server Error HTTP Error 50019 Interval Server Error 63
The Requested Service Could Not Be Activated 65
Server Error on License Addition 67
Faulted State ndash Server Error ndash Unable to Generate a Temporary Class 68
Server Error ndash Failed to Access IIS Metabase 69
There Was No Endpoint Listening 70
HTTP 401 type error message (Unauthorized) when logging in 72
Unable to load data Unable to load plugin with iD 73
Out of Memory Exception 74
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
1
Datawatch includes five separate installation packages
Datawatch Desktop Designer (Datawatch Designer) 32-bit
Datawatch Desktop Designer (Datawatch Designer) 64-bit
Datawatch Server ndash Visualization Edition NET Server 32-bit
Datawatch Server ndash Visualization Edition NET Server 64-bit
Datawatch Server ndash Visualization Edition Java
The Datawatch Desktop Designer program can be used on its own without being connected to
the Datawatch Server ndash Visualization Edition component Desktop Designer allows users to design and use new Desktop Designer Workbooks and Dashboards and also publish to the web
Datawatch Server ndashVisualization Edition is the best way make Desktop Designer Workbooks and Dashboards available to large numbers of users
IMPORTANT For optimal scalability and user experience Datawatch Server ndash Visualization Edition is recommended to be installed on a Server environment Although basic functionality works on desktops (ie Windows 7 8 etc) those should be for demo purposes only
Both components are licensed to provide data connectivity and visualization options
A typical installation scenario is to provide authors with copies of Desktop Designer They develop new Workbooks and Dashboards based on user requirements and then publish them to Server Most business users then access the system over the web with no local software installation needed
NOTE
This document describes how to install Datawatch Server ndash Visualization Edition
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
2
The three Datawatch Server ndash Visualization Editions (Java and NET 32-bit 64-bit) do not have equal functional scope Specifically the Datawatch Server - Visualization Edition for Java
Supports only the following Data Connectors
Database (via JDBC JNDI)
Excel
SVG
Text XML JSON OData
Apache ActiveMQ
Kx kdb+ amp kdb+tick
SAP Sybase Aleri
Streambase CEP amp LiveView
One Market Data OneTick amp OneTick CEP
Requires that published workbooks using database connectivity include JDBCJNDI
connection settings
Supports Java applet delivery HTML Dashboards are not created if Java is not available
Does not provide example Workbooks These must be published from a connected Desktop Designer
Licensing within Datawatch Server ndash Visualization Edition relies on a XML file which is used to store all license information for a specific customer
The license is delivered in a file named DatawatchLicensexml We deliver this license file separately from the installation packages To use the Datawatch product the license file must
be stored locally Select the location of the license file when prompted during the installation
process
License files are required for both the Desktop Designer and Server components
Note that if you install Desktop Designer for stand-alone use it will request activation through entering a separate license key during first use If you install Desktop Designer for use with the Server component the Desktop Designer software will retrieve its license automatically
from the Server Datawatch Server - Visualization Edition allows the systems administrator to copy the license file to the designated License folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
3
The Datawatch Server - Visualization Edition for NET is supported on Microsoft Windows operating systems including
Windows Vista (with IIS) ndash For Development Environments Only
Windows 7 (with IIS) ndash For Development Environments Only
Windows 881 (with IIS) ndash For Development Environments Only
Windows Server 2008
Windows Server 2012
IMPORTANT Datawatch Server - Visualization Edition for NET require Microsoft NET
Framework 45 or above
It is best to install the IIS web server before installing Microsoft NET Framework 45 If you install the NET Framework first it may not register itself correctly with the server
These can be physical or virtualized systems Further information on minimum configurations is listed in the Desktop Designer amp Server Reference Guide
To support R data transforms amp connectivity it also requires
R
R Serve
Additional libraries as required for specific capabilities
To support Python data transforms amp connectivity it also requires
CPython
Pyro 424 425 (Python Remote Data Objects)
Additional modules such as Numpy Scipy and Pandas as required for specific capabilities
Datawatch Server - Visualization Edition for Java is supported on these operating systems
LINUX (Red Hat) on x86
LINUX (SUSE) on x86
Windows Vista ndash For Development Environments Only
Windows 7ndash For Development Environments Only
Windows 8 ndash For Development Environments Only
Windows Server 2008
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
4
Windows Server 2012
Datawatch Server - Visualization Edition for Java also requires
Apache Tomcat 7
Apache Tomcat 8
Java Metro Web Service Stack ( httpmetrojavanet )
Version 22 is still supported but version 23 is recommended
You must separately have installed OLE DB (or ODBCJDBC) drivers for your data repository (databases and other sources) in order for Desktop Designer to connect to your data
The Desktop Designer Analyst (Java) can be accessed from any Windows machine running that supports Java applets with a Java Virtual Machine (JVM) of version 7 or above Download the latest version of the Java Virtual Machine at httpjavacomgetjava
IMPORTANT Datawatch Server - Visualization Edition requires administrative privileges during installation Administrative privileges are not required after installation is complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
5
Datawatch Server - Visualization Edition for NET is the NET edition of the server component for the Datawatch Visual Data Discovery system The install files consist of
Readmetxt
Installation Guide
Setupexe
Datawatch MSI
(DatawatchVisualizationServerx86msi DatawatchVisualizationServerx64msi)
Register_NET_With_IISbat
Register_WCFbat
Before installing Datawatch Server ndash Visualization Edition for NET Server install the following prerequisites in this order to ensure that they register correctly with the Server
1 Microsoft IIS web server
2 Microsoft NET Framework 45
Register this with the IIS web server
Steps
1 Install Microsoft IIS Server
Control Panel gt Programs and Features gt Turn Windows Features on or off
The Windows Features dialog displays
NOTE
The graphic interface looks different on workstation versions of Windows (Windows 7) compared to server versions (Server 2008 or 2012)
2 Turn on the following features
NET Framework 35 (includes NET 20 and 30)
Windows Communication Foundation HTTP Activation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
6
Windows Communication Foundation Non-HTTP Activation
NET Framework 45 Advanced Services (if available)
ASPNET 45 (if available)
WCF Services (if available)
Internet Information Services
Web Management Tools
IIS Management Console
IIS Management Scripts amp Tools
IIS Management Service
World Wide Web Services
Application Development Features
NET Extensibility
ASP
ASPNET
Common HTTP Features
Security
Windows Authentication
NOTE
Requires a Professional or Server version of Windows
3 Click OK or Install to make changes to the features You can now install Datawatch
Server ndash Visualization Edition for NET
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
7
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
2 The Welcome dialog displays
3 Click Next The License Agreement displays
4 Read the software license select I accepthellip and click Next
The Select Installation Address dialog displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
8
5 Select the Virtual Directory in the Default Web Site By default this is
panopticonex
6 Select the required Application Pool By default this is
DefaultAppPool
7 Click Next The Ready to Install dialog displays
8 Click Install to confirm the installation You will be informed about the progress of the
installation process
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
[1] Overview 1
Installation Packages 1
Datawatch Server - Visualization Editions 2
Licensing 2
System Requirements 3
For NET Edition 3
For Java Edition 3
[2] Installation of Datawatch Server ndash Visualization Edition for NET 5
Setting up prerequisites 5
Installing Datawatch Server ndash Visualization Edition for NET 7
NET Data Connectors Third Party Software Installation 10
StreamBase 71 10
StreamBase LiveView 15 10
SAP Sybase ESP and JMS 11
OneTick 11
Thomson Reuters TREP-RT 12
IBM Cognos TM1 12
Perfmon 12
Other Connectors 12
Datawatch Server - Visualization Edition for NET MS IIS Configuration 13
File Permissions 13
MS IIS Web Server Authentication Schemes 14
MS IIS ndash Application Pool Settings 16
Connecting to 32-bit Data Sources on a 64-bit Edition of Windows 16
Application Pool Idle Time Out and Recycle Settings 18
Application Pool Identity Settings 19
Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments 20
[3] Installation of Datawatch Server ndash Visualization Edition for Java 21
Addition of Metro to Tomcat 23
Installing Datawatch Server - Visualization Edition for Java on Tomcat 25
Configuring Java server Logs 26
Increase Java Heap size for Tomcat 28
Java Data Connectors ndash Third Party Software Installation 29
[4] Server Caches amp Configuration 31
NET Server 32
Java Server 34
R and Python Transform Support 35
R Integration 35
Python Integration 37
[5] Running Datawatch Server ndash Visualization Edition for the First Time 38
For the NET Edition 38
For the Java Edition 42
Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files 45
[6] Upgrading 46
Upgrading Datawatch Server - Visualization Edition for NET 46
Upgrading 46
Uninstalling and Re-Installing 46
Upgrading Datawatch Server - Visualization Edition for Java 46
[7] Advanced Server Deployments 47
Usage in SSL Enabled Environments 47
Network Address Translation 47
NET Server 47
Java Server 48
Reverse Proxy Server Usage49
SSL Off-Loading to the Reverse Proxy 49
Forms Based Authentication 50
Single Sign On (SSO) 51
NET SSO 51
Java SSO 51
Datawatch Server ndash Visualization Edition for Java - Active Directory Integration 53
Split Server DMZ Deployment 54
Split NET Deployment 54
Split Java Deployment 54
[8] Troubleshooting 59
Files for Testing and Diagnostics 59
Resolving Installation Issues 60
Server Log 60
Log Variables Displayed as ldquonullrdquo 60
[9] Known Issues 61
Datawatch Server - Visualization Edition Will Not Install 61
Server Error HTTP Error 50019 Interval Server Error 63
The Requested Service Could Not Be Activated 65
Server Error on License Addition 67
Faulted State ndash Server Error ndash Unable to Generate a Temporary Class 68
Server Error ndash Failed to Access IIS Metabase 69
There Was No Endpoint Listening 70
HTTP 401 type error message (Unauthorized) when logging in 72
Unable to load data Unable to load plugin with iD 73
Out of Memory Exception 74
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
1
Datawatch includes five separate installation packages
Datawatch Desktop Designer (Datawatch Designer) 32-bit
Datawatch Desktop Designer (Datawatch Designer) 64-bit
Datawatch Server ndash Visualization Edition NET Server 32-bit
Datawatch Server ndash Visualization Edition NET Server 64-bit
Datawatch Server ndash Visualization Edition Java
The Datawatch Desktop Designer program can be used on its own without being connected to
the Datawatch Server ndash Visualization Edition component Desktop Designer allows users to design and use new Desktop Designer Workbooks and Dashboards and also publish to the web
Datawatch Server ndashVisualization Edition is the best way make Desktop Designer Workbooks and Dashboards available to large numbers of users
IMPORTANT For optimal scalability and user experience Datawatch Server ndash Visualization Edition is recommended to be installed on a Server environment Although basic functionality works on desktops (ie Windows 7 8 etc) those should be for demo purposes only
Both components are licensed to provide data connectivity and visualization options
A typical installation scenario is to provide authors with copies of Desktop Designer They develop new Workbooks and Dashboards based on user requirements and then publish them to Server Most business users then access the system over the web with no local software installation needed
NOTE
This document describes how to install Datawatch Server ndash Visualization Edition
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
2
The three Datawatch Server ndash Visualization Editions (Java and NET 32-bit 64-bit) do not have equal functional scope Specifically the Datawatch Server - Visualization Edition for Java
Supports only the following Data Connectors
Database (via JDBC JNDI)
Excel
SVG
Text XML JSON OData
Apache ActiveMQ
Kx kdb+ amp kdb+tick
SAP Sybase Aleri
Streambase CEP amp LiveView
One Market Data OneTick amp OneTick CEP
Requires that published workbooks using database connectivity include JDBCJNDI
connection settings
Supports Java applet delivery HTML Dashboards are not created if Java is not available
Does not provide example Workbooks These must be published from a connected Desktop Designer
Licensing within Datawatch Server ndash Visualization Edition relies on a XML file which is used to store all license information for a specific customer
The license is delivered in a file named DatawatchLicensexml We deliver this license file separately from the installation packages To use the Datawatch product the license file must
be stored locally Select the location of the license file when prompted during the installation
process
License files are required for both the Desktop Designer and Server components
Note that if you install Desktop Designer for stand-alone use it will request activation through entering a separate license key during first use If you install Desktop Designer for use with the Server component the Desktop Designer software will retrieve its license automatically
from the Server Datawatch Server - Visualization Edition allows the systems administrator to copy the license file to the designated License folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
3
The Datawatch Server - Visualization Edition for NET is supported on Microsoft Windows operating systems including
Windows Vista (with IIS) ndash For Development Environments Only
Windows 7 (with IIS) ndash For Development Environments Only
Windows 881 (with IIS) ndash For Development Environments Only
Windows Server 2008
Windows Server 2012
IMPORTANT Datawatch Server - Visualization Edition for NET require Microsoft NET
Framework 45 or above
It is best to install the IIS web server before installing Microsoft NET Framework 45 If you install the NET Framework first it may not register itself correctly with the server
These can be physical or virtualized systems Further information on minimum configurations is listed in the Desktop Designer amp Server Reference Guide
To support R data transforms amp connectivity it also requires
R
R Serve
Additional libraries as required for specific capabilities
To support Python data transforms amp connectivity it also requires
CPython
Pyro 424 425 (Python Remote Data Objects)
Additional modules such as Numpy Scipy and Pandas as required for specific capabilities
Datawatch Server - Visualization Edition for Java is supported on these operating systems
LINUX (Red Hat) on x86
LINUX (SUSE) on x86
Windows Vista ndash For Development Environments Only
Windows 7ndash For Development Environments Only
Windows 8 ndash For Development Environments Only
Windows Server 2008
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
4
Windows Server 2012
Datawatch Server - Visualization Edition for Java also requires
Apache Tomcat 7
Apache Tomcat 8
Java Metro Web Service Stack ( httpmetrojavanet )
Version 22 is still supported but version 23 is recommended
You must separately have installed OLE DB (or ODBCJDBC) drivers for your data repository (databases and other sources) in order for Desktop Designer to connect to your data
The Desktop Designer Analyst (Java) can be accessed from any Windows machine running that supports Java applets with a Java Virtual Machine (JVM) of version 7 or above Download the latest version of the Java Virtual Machine at httpjavacomgetjava
IMPORTANT Datawatch Server - Visualization Edition requires administrative privileges during installation Administrative privileges are not required after installation is complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
5
Datawatch Server - Visualization Edition for NET is the NET edition of the server component for the Datawatch Visual Data Discovery system The install files consist of
Readmetxt
Installation Guide
Setupexe
Datawatch MSI
(DatawatchVisualizationServerx86msi DatawatchVisualizationServerx64msi)
Register_NET_With_IISbat
Register_WCFbat
Before installing Datawatch Server ndash Visualization Edition for NET Server install the following prerequisites in this order to ensure that they register correctly with the Server
1 Microsoft IIS web server
2 Microsoft NET Framework 45
Register this with the IIS web server
Steps
1 Install Microsoft IIS Server
Control Panel gt Programs and Features gt Turn Windows Features on or off
The Windows Features dialog displays
NOTE
The graphic interface looks different on workstation versions of Windows (Windows 7) compared to server versions (Server 2008 or 2012)
2 Turn on the following features
NET Framework 35 (includes NET 20 and 30)
Windows Communication Foundation HTTP Activation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
6
Windows Communication Foundation Non-HTTP Activation
NET Framework 45 Advanced Services (if available)
ASPNET 45 (if available)
WCF Services (if available)
Internet Information Services
Web Management Tools
IIS Management Console
IIS Management Scripts amp Tools
IIS Management Service
World Wide Web Services
Application Development Features
NET Extensibility
ASP
ASPNET
Common HTTP Features
Security
Windows Authentication
NOTE
Requires a Professional or Server version of Windows
3 Click OK or Install to make changes to the features You can now install Datawatch
Server ndash Visualization Edition for NET
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
7
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
2 The Welcome dialog displays
3 Click Next The License Agreement displays
4 Read the software license select I accepthellip and click Next
The Select Installation Address dialog displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
8
5 Select the Virtual Directory in the Default Web Site By default this is
panopticonex
6 Select the required Application Pool By default this is
DefaultAppPool
7 Click Next The Ready to Install dialog displays
8 Click Install to confirm the installation You will be informed about the progress of the
installation process
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
R Integration 35
Python Integration 37
[5] Running Datawatch Server ndash Visualization Edition for the First Time 38
For the NET Edition 38
For the Java Edition 42
Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files 45
[6] Upgrading 46
Upgrading Datawatch Server - Visualization Edition for NET 46
Upgrading 46
Uninstalling and Re-Installing 46
Upgrading Datawatch Server - Visualization Edition for Java 46
[7] Advanced Server Deployments 47
Usage in SSL Enabled Environments 47
Network Address Translation 47
NET Server 47
Java Server 48
Reverse Proxy Server Usage49
SSL Off-Loading to the Reverse Proxy 49
Forms Based Authentication 50
Single Sign On (SSO) 51
NET SSO 51
Java SSO 51
Datawatch Server ndash Visualization Edition for Java - Active Directory Integration 53
Split Server DMZ Deployment 54
Split NET Deployment 54
Split Java Deployment 54
[8] Troubleshooting 59
Files for Testing and Diagnostics 59
Resolving Installation Issues 60
Server Log 60
Log Variables Displayed as ldquonullrdquo 60
[9] Known Issues 61
Datawatch Server - Visualization Edition Will Not Install 61
Server Error HTTP Error 50019 Interval Server Error 63
The Requested Service Could Not Be Activated 65
Server Error on License Addition 67
Faulted State ndash Server Error ndash Unable to Generate a Temporary Class 68
Server Error ndash Failed to Access IIS Metabase 69
There Was No Endpoint Listening 70
HTTP 401 type error message (Unauthorized) when logging in 72
Unable to load data Unable to load plugin with iD 73
Out of Memory Exception 74
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
1
Datawatch includes five separate installation packages
Datawatch Desktop Designer (Datawatch Designer) 32-bit
Datawatch Desktop Designer (Datawatch Designer) 64-bit
Datawatch Server ndash Visualization Edition NET Server 32-bit
Datawatch Server ndash Visualization Edition NET Server 64-bit
Datawatch Server ndash Visualization Edition Java
The Datawatch Desktop Designer program can be used on its own without being connected to
the Datawatch Server ndash Visualization Edition component Desktop Designer allows users to design and use new Desktop Designer Workbooks and Dashboards and also publish to the web
Datawatch Server ndashVisualization Edition is the best way make Desktop Designer Workbooks and Dashboards available to large numbers of users
IMPORTANT For optimal scalability and user experience Datawatch Server ndash Visualization Edition is recommended to be installed on a Server environment Although basic functionality works on desktops (ie Windows 7 8 etc) those should be for demo purposes only
Both components are licensed to provide data connectivity and visualization options
A typical installation scenario is to provide authors with copies of Desktop Designer They develop new Workbooks and Dashboards based on user requirements and then publish them to Server Most business users then access the system over the web with no local software installation needed
NOTE
This document describes how to install Datawatch Server ndash Visualization Edition
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
2
The three Datawatch Server ndash Visualization Editions (Java and NET 32-bit 64-bit) do not have equal functional scope Specifically the Datawatch Server - Visualization Edition for Java
Supports only the following Data Connectors
Database (via JDBC JNDI)
Excel
SVG
Text XML JSON OData
Apache ActiveMQ
Kx kdb+ amp kdb+tick
SAP Sybase Aleri
Streambase CEP amp LiveView
One Market Data OneTick amp OneTick CEP
Requires that published workbooks using database connectivity include JDBCJNDI
connection settings
Supports Java applet delivery HTML Dashboards are not created if Java is not available
Does not provide example Workbooks These must be published from a connected Desktop Designer
Licensing within Datawatch Server ndash Visualization Edition relies on a XML file which is used to store all license information for a specific customer
The license is delivered in a file named DatawatchLicensexml We deliver this license file separately from the installation packages To use the Datawatch product the license file must
be stored locally Select the location of the license file when prompted during the installation
process
License files are required for both the Desktop Designer and Server components
Note that if you install Desktop Designer for stand-alone use it will request activation through entering a separate license key during first use If you install Desktop Designer for use with the Server component the Desktop Designer software will retrieve its license automatically
from the Server Datawatch Server - Visualization Edition allows the systems administrator to copy the license file to the designated License folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
3
The Datawatch Server - Visualization Edition for NET is supported on Microsoft Windows operating systems including
Windows Vista (with IIS) ndash For Development Environments Only
Windows 7 (with IIS) ndash For Development Environments Only
Windows 881 (with IIS) ndash For Development Environments Only
Windows Server 2008
Windows Server 2012
IMPORTANT Datawatch Server - Visualization Edition for NET require Microsoft NET
Framework 45 or above
It is best to install the IIS web server before installing Microsoft NET Framework 45 If you install the NET Framework first it may not register itself correctly with the server
These can be physical or virtualized systems Further information on minimum configurations is listed in the Desktop Designer amp Server Reference Guide
To support R data transforms amp connectivity it also requires
R
R Serve
Additional libraries as required for specific capabilities
To support Python data transforms amp connectivity it also requires
CPython
Pyro 424 425 (Python Remote Data Objects)
Additional modules such as Numpy Scipy and Pandas as required for specific capabilities
Datawatch Server - Visualization Edition for Java is supported on these operating systems
LINUX (Red Hat) on x86
LINUX (SUSE) on x86
Windows Vista ndash For Development Environments Only
Windows 7ndash For Development Environments Only
Windows 8 ndash For Development Environments Only
Windows Server 2008
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
4
Windows Server 2012
Datawatch Server - Visualization Edition for Java also requires
Apache Tomcat 7
Apache Tomcat 8
Java Metro Web Service Stack ( httpmetrojavanet )
Version 22 is still supported but version 23 is recommended
You must separately have installed OLE DB (or ODBCJDBC) drivers for your data repository (databases and other sources) in order for Desktop Designer to connect to your data
The Desktop Designer Analyst (Java) can be accessed from any Windows machine running that supports Java applets with a Java Virtual Machine (JVM) of version 7 or above Download the latest version of the Java Virtual Machine at httpjavacomgetjava
IMPORTANT Datawatch Server - Visualization Edition requires administrative privileges during installation Administrative privileges are not required after installation is complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
5
Datawatch Server - Visualization Edition for NET is the NET edition of the server component for the Datawatch Visual Data Discovery system The install files consist of
Readmetxt
Installation Guide
Setupexe
Datawatch MSI
(DatawatchVisualizationServerx86msi DatawatchVisualizationServerx64msi)
Register_NET_With_IISbat
Register_WCFbat
Before installing Datawatch Server ndash Visualization Edition for NET Server install the following prerequisites in this order to ensure that they register correctly with the Server
1 Microsoft IIS web server
2 Microsoft NET Framework 45
Register this with the IIS web server
Steps
1 Install Microsoft IIS Server
Control Panel gt Programs and Features gt Turn Windows Features on or off
The Windows Features dialog displays
NOTE
The graphic interface looks different on workstation versions of Windows (Windows 7) compared to server versions (Server 2008 or 2012)
2 Turn on the following features
NET Framework 35 (includes NET 20 and 30)
Windows Communication Foundation HTTP Activation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
6
Windows Communication Foundation Non-HTTP Activation
NET Framework 45 Advanced Services (if available)
ASPNET 45 (if available)
WCF Services (if available)
Internet Information Services
Web Management Tools
IIS Management Console
IIS Management Scripts amp Tools
IIS Management Service
World Wide Web Services
Application Development Features
NET Extensibility
ASP
ASPNET
Common HTTP Features
Security
Windows Authentication
NOTE
Requires a Professional or Server version of Windows
3 Click OK or Install to make changes to the features You can now install Datawatch
Server ndash Visualization Edition for NET
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
7
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
2 The Welcome dialog displays
3 Click Next The License Agreement displays
4 Read the software license select I accepthellip and click Next
The Select Installation Address dialog displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
8
5 Select the Virtual Directory in the Default Web Site By default this is
panopticonex
6 Select the required Application Pool By default this is
DefaultAppPool
7 Click Next The Ready to Install dialog displays
8 Click Install to confirm the installation You will be informed about the progress of the
installation process
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
There Was No Endpoint Listening 70
HTTP 401 type error message (Unauthorized) when logging in 72
Unable to load data Unable to load plugin with iD 73
Out of Memory Exception 74
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
1
Datawatch includes five separate installation packages
Datawatch Desktop Designer (Datawatch Designer) 32-bit
Datawatch Desktop Designer (Datawatch Designer) 64-bit
Datawatch Server ndash Visualization Edition NET Server 32-bit
Datawatch Server ndash Visualization Edition NET Server 64-bit
Datawatch Server ndash Visualization Edition Java
The Datawatch Desktop Designer program can be used on its own without being connected to
the Datawatch Server ndash Visualization Edition component Desktop Designer allows users to design and use new Desktop Designer Workbooks and Dashboards and also publish to the web
Datawatch Server ndashVisualization Edition is the best way make Desktop Designer Workbooks and Dashboards available to large numbers of users
IMPORTANT For optimal scalability and user experience Datawatch Server ndash Visualization Edition is recommended to be installed on a Server environment Although basic functionality works on desktops (ie Windows 7 8 etc) those should be for demo purposes only
Both components are licensed to provide data connectivity and visualization options
A typical installation scenario is to provide authors with copies of Desktop Designer They develop new Workbooks and Dashboards based on user requirements and then publish them to Server Most business users then access the system over the web with no local software installation needed
NOTE
This document describes how to install Datawatch Server ndash Visualization Edition
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
2
The three Datawatch Server ndash Visualization Editions (Java and NET 32-bit 64-bit) do not have equal functional scope Specifically the Datawatch Server - Visualization Edition for Java
Supports only the following Data Connectors
Database (via JDBC JNDI)
Excel
SVG
Text XML JSON OData
Apache ActiveMQ
Kx kdb+ amp kdb+tick
SAP Sybase Aleri
Streambase CEP amp LiveView
One Market Data OneTick amp OneTick CEP
Requires that published workbooks using database connectivity include JDBCJNDI
connection settings
Supports Java applet delivery HTML Dashboards are not created if Java is not available
Does not provide example Workbooks These must be published from a connected Desktop Designer
Licensing within Datawatch Server ndash Visualization Edition relies on a XML file which is used to store all license information for a specific customer
The license is delivered in a file named DatawatchLicensexml We deliver this license file separately from the installation packages To use the Datawatch product the license file must
be stored locally Select the location of the license file when prompted during the installation
process
License files are required for both the Desktop Designer and Server components
Note that if you install Desktop Designer for stand-alone use it will request activation through entering a separate license key during first use If you install Desktop Designer for use with the Server component the Desktop Designer software will retrieve its license automatically
from the Server Datawatch Server - Visualization Edition allows the systems administrator to copy the license file to the designated License folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
3
The Datawatch Server - Visualization Edition for NET is supported on Microsoft Windows operating systems including
Windows Vista (with IIS) ndash For Development Environments Only
Windows 7 (with IIS) ndash For Development Environments Only
Windows 881 (with IIS) ndash For Development Environments Only
Windows Server 2008
Windows Server 2012
IMPORTANT Datawatch Server - Visualization Edition for NET require Microsoft NET
Framework 45 or above
It is best to install the IIS web server before installing Microsoft NET Framework 45 If you install the NET Framework first it may not register itself correctly with the server
These can be physical or virtualized systems Further information on minimum configurations is listed in the Desktop Designer amp Server Reference Guide
To support R data transforms amp connectivity it also requires
R
R Serve
Additional libraries as required for specific capabilities
To support Python data transforms amp connectivity it also requires
CPython
Pyro 424 425 (Python Remote Data Objects)
Additional modules such as Numpy Scipy and Pandas as required for specific capabilities
Datawatch Server - Visualization Edition for Java is supported on these operating systems
LINUX (Red Hat) on x86
LINUX (SUSE) on x86
Windows Vista ndash For Development Environments Only
Windows 7ndash For Development Environments Only
Windows 8 ndash For Development Environments Only
Windows Server 2008
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
4
Windows Server 2012
Datawatch Server - Visualization Edition for Java also requires
Apache Tomcat 7
Apache Tomcat 8
Java Metro Web Service Stack ( httpmetrojavanet )
Version 22 is still supported but version 23 is recommended
You must separately have installed OLE DB (or ODBCJDBC) drivers for your data repository (databases and other sources) in order for Desktop Designer to connect to your data
The Desktop Designer Analyst (Java) can be accessed from any Windows machine running that supports Java applets with a Java Virtual Machine (JVM) of version 7 or above Download the latest version of the Java Virtual Machine at httpjavacomgetjava
IMPORTANT Datawatch Server - Visualization Edition requires administrative privileges during installation Administrative privileges are not required after installation is complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
5
Datawatch Server - Visualization Edition for NET is the NET edition of the server component for the Datawatch Visual Data Discovery system The install files consist of
Readmetxt
Installation Guide
Setupexe
Datawatch MSI
(DatawatchVisualizationServerx86msi DatawatchVisualizationServerx64msi)
Register_NET_With_IISbat
Register_WCFbat
Before installing Datawatch Server ndash Visualization Edition for NET Server install the following prerequisites in this order to ensure that they register correctly with the Server
1 Microsoft IIS web server
2 Microsoft NET Framework 45
Register this with the IIS web server
Steps
1 Install Microsoft IIS Server
Control Panel gt Programs and Features gt Turn Windows Features on or off
The Windows Features dialog displays
NOTE
The graphic interface looks different on workstation versions of Windows (Windows 7) compared to server versions (Server 2008 or 2012)
2 Turn on the following features
NET Framework 35 (includes NET 20 and 30)
Windows Communication Foundation HTTP Activation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
6
Windows Communication Foundation Non-HTTP Activation
NET Framework 45 Advanced Services (if available)
ASPNET 45 (if available)
WCF Services (if available)
Internet Information Services
Web Management Tools
IIS Management Console
IIS Management Scripts amp Tools
IIS Management Service
World Wide Web Services
Application Development Features
NET Extensibility
ASP
ASPNET
Common HTTP Features
Security
Windows Authentication
NOTE
Requires a Professional or Server version of Windows
3 Click OK or Install to make changes to the features You can now install Datawatch
Server ndash Visualization Edition for NET
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
7
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
2 The Welcome dialog displays
3 Click Next The License Agreement displays
4 Read the software license select I accepthellip and click Next
The Select Installation Address dialog displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
8
5 Select the Virtual Directory in the Default Web Site By default this is
panopticonex
6 Select the required Application Pool By default this is
DefaultAppPool
7 Click Next The Ready to Install dialog displays
8 Click Install to confirm the installation You will be informed about the progress of the
installation process
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
1
Datawatch includes five separate installation packages
Datawatch Desktop Designer (Datawatch Designer) 32-bit
Datawatch Desktop Designer (Datawatch Designer) 64-bit
Datawatch Server ndash Visualization Edition NET Server 32-bit
Datawatch Server ndash Visualization Edition NET Server 64-bit
Datawatch Server ndash Visualization Edition Java
The Datawatch Desktop Designer program can be used on its own without being connected to
the Datawatch Server ndash Visualization Edition component Desktop Designer allows users to design and use new Desktop Designer Workbooks and Dashboards and also publish to the web
Datawatch Server ndashVisualization Edition is the best way make Desktop Designer Workbooks and Dashboards available to large numbers of users
IMPORTANT For optimal scalability and user experience Datawatch Server ndash Visualization Edition is recommended to be installed on a Server environment Although basic functionality works on desktops (ie Windows 7 8 etc) those should be for demo purposes only
Both components are licensed to provide data connectivity and visualization options
A typical installation scenario is to provide authors with copies of Desktop Designer They develop new Workbooks and Dashboards based on user requirements and then publish them to Server Most business users then access the system over the web with no local software installation needed
NOTE
This document describes how to install Datawatch Server ndash Visualization Edition
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
2
The three Datawatch Server ndash Visualization Editions (Java and NET 32-bit 64-bit) do not have equal functional scope Specifically the Datawatch Server - Visualization Edition for Java
Supports only the following Data Connectors
Database (via JDBC JNDI)
Excel
SVG
Text XML JSON OData
Apache ActiveMQ
Kx kdb+ amp kdb+tick
SAP Sybase Aleri
Streambase CEP amp LiveView
One Market Data OneTick amp OneTick CEP
Requires that published workbooks using database connectivity include JDBCJNDI
connection settings
Supports Java applet delivery HTML Dashboards are not created if Java is not available
Does not provide example Workbooks These must be published from a connected Desktop Designer
Licensing within Datawatch Server ndash Visualization Edition relies on a XML file which is used to store all license information for a specific customer
The license is delivered in a file named DatawatchLicensexml We deliver this license file separately from the installation packages To use the Datawatch product the license file must
be stored locally Select the location of the license file when prompted during the installation
process
License files are required for both the Desktop Designer and Server components
Note that if you install Desktop Designer for stand-alone use it will request activation through entering a separate license key during first use If you install Desktop Designer for use with the Server component the Desktop Designer software will retrieve its license automatically
from the Server Datawatch Server - Visualization Edition allows the systems administrator to copy the license file to the designated License folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
3
The Datawatch Server - Visualization Edition for NET is supported on Microsoft Windows operating systems including
Windows Vista (with IIS) ndash For Development Environments Only
Windows 7 (with IIS) ndash For Development Environments Only
Windows 881 (with IIS) ndash For Development Environments Only
Windows Server 2008
Windows Server 2012
IMPORTANT Datawatch Server - Visualization Edition for NET require Microsoft NET
Framework 45 or above
It is best to install the IIS web server before installing Microsoft NET Framework 45 If you install the NET Framework first it may not register itself correctly with the server
These can be physical or virtualized systems Further information on minimum configurations is listed in the Desktop Designer amp Server Reference Guide
To support R data transforms amp connectivity it also requires
R
R Serve
Additional libraries as required for specific capabilities
To support Python data transforms amp connectivity it also requires
CPython
Pyro 424 425 (Python Remote Data Objects)
Additional modules such as Numpy Scipy and Pandas as required for specific capabilities
Datawatch Server - Visualization Edition for Java is supported on these operating systems
LINUX (Red Hat) on x86
LINUX (SUSE) on x86
Windows Vista ndash For Development Environments Only
Windows 7ndash For Development Environments Only
Windows 8 ndash For Development Environments Only
Windows Server 2008
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
4
Windows Server 2012
Datawatch Server - Visualization Edition for Java also requires
Apache Tomcat 7
Apache Tomcat 8
Java Metro Web Service Stack ( httpmetrojavanet )
Version 22 is still supported but version 23 is recommended
You must separately have installed OLE DB (or ODBCJDBC) drivers for your data repository (databases and other sources) in order for Desktop Designer to connect to your data
The Desktop Designer Analyst (Java) can be accessed from any Windows machine running that supports Java applets with a Java Virtual Machine (JVM) of version 7 or above Download the latest version of the Java Virtual Machine at httpjavacomgetjava
IMPORTANT Datawatch Server - Visualization Edition requires administrative privileges during installation Administrative privileges are not required after installation is complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
5
Datawatch Server - Visualization Edition for NET is the NET edition of the server component for the Datawatch Visual Data Discovery system The install files consist of
Readmetxt
Installation Guide
Setupexe
Datawatch MSI
(DatawatchVisualizationServerx86msi DatawatchVisualizationServerx64msi)
Register_NET_With_IISbat
Register_WCFbat
Before installing Datawatch Server ndash Visualization Edition for NET Server install the following prerequisites in this order to ensure that they register correctly with the Server
1 Microsoft IIS web server
2 Microsoft NET Framework 45
Register this with the IIS web server
Steps
1 Install Microsoft IIS Server
Control Panel gt Programs and Features gt Turn Windows Features on or off
The Windows Features dialog displays
NOTE
The graphic interface looks different on workstation versions of Windows (Windows 7) compared to server versions (Server 2008 or 2012)
2 Turn on the following features
NET Framework 35 (includes NET 20 and 30)
Windows Communication Foundation HTTP Activation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
6
Windows Communication Foundation Non-HTTP Activation
NET Framework 45 Advanced Services (if available)
ASPNET 45 (if available)
WCF Services (if available)
Internet Information Services
Web Management Tools
IIS Management Console
IIS Management Scripts amp Tools
IIS Management Service
World Wide Web Services
Application Development Features
NET Extensibility
ASP
ASPNET
Common HTTP Features
Security
Windows Authentication
NOTE
Requires a Professional or Server version of Windows
3 Click OK or Install to make changes to the features You can now install Datawatch
Server ndash Visualization Edition for NET
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
7
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
2 The Welcome dialog displays
3 Click Next The License Agreement displays
4 Read the software license select I accepthellip and click Next
The Select Installation Address dialog displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
8
5 Select the Virtual Directory in the Default Web Site By default this is
panopticonex
6 Select the required Application Pool By default this is
DefaultAppPool
7 Click Next The Ready to Install dialog displays
8 Click Install to confirm the installation You will be informed about the progress of the
installation process
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
2
The three Datawatch Server ndash Visualization Editions (Java and NET 32-bit 64-bit) do not have equal functional scope Specifically the Datawatch Server - Visualization Edition for Java
Supports only the following Data Connectors
Database (via JDBC JNDI)
Excel
SVG
Text XML JSON OData
Apache ActiveMQ
Kx kdb+ amp kdb+tick
SAP Sybase Aleri
Streambase CEP amp LiveView
One Market Data OneTick amp OneTick CEP
Requires that published workbooks using database connectivity include JDBCJNDI
connection settings
Supports Java applet delivery HTML Dashboards are not created if Java is not available
Does not provide example Workbooks These must be published from a connected Desktop Designer
Licensing within Datawatch Server ndash Visualization Edition relies on a XML file which is used to store all license information for a specific customer
The license is delivered in a file named DatawatchLicensexml We deliver this license file separately from the installation packages To use the Datawatch product the license file must
be stored locally Select the location of the license file when prompted during the installation
process
License files are required for both the Desktop Designer and Server components
Note that if you install Desktop Designer for stand-alone use it will request activation through entering a separate license key during first use If you install Desktop Designer for use with the Server component the Desktop Designer software will retrieve its license automatically
from the Server Datawatch Server - Visualization Edition allows the systems administrator to copy the license file to the designated License folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
3
The Datawatch Server - Visualization Edition for NET is supported on Microsoft Windows operating systems including
Windows Vista (with IIS) ndash For Development Environments Only
Windows 7 (with IIS) ndash For Development Environments Only
Windows 881 (with IIS) ndash For Development Environments Only
Windows Server 2008
Windows Server 2012
IMPORTANT Datawatch Server - Visualization Edition for NET require Microsoft NET
Framework 45 or above
It is best to install the IIS web server before installing Microsoft NET Framework 45 If you install the NET Framework first it may not register itself correctly with the server
These can be physical or virtualized systems Further information on minimum configurations is listed in the Desktop Designer amp Server Reference Guide
To support R data transforms amp connectivity it also requires
R
R Serve
Additional libraries as required for specific capabilities
To support Python data transforms amp connectivity it also requires
CPython
Pyro 424 425 (Python Remote Data Objects)
Additional modules such as Numpy Scipy and Pandas as required for specific capabilities
Datawatch Server - Visualization Edition for Java is supported on these operating systems
LINUX (Red Hat) on x86
LINUX (SUSE) on x86
Windows Vista ndash For Development Environments Only
Windows 7ndash For Development Environments Only
Windows 8 ndash For Development Environments Only
Windows Server 2008
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
4
Windows Server 2012
Datawatch Server - Visualization Edition for Java also requires
Apache Tomcat 7
Apache Tomcat 8
Java Metro Web Service Stack ( httpmetrojavanet )
Version 22 is still supported but version 23 is recommended
You must separately have installed OLE DB (or ODBCJDBC) drivers for your data repository (databases and other sources) in order for Desktop Designer to connect to your data
The Desktop Designer Analyst (Java) can be accessed from any Windows machine running that supports Java applets with a Java Virtual Machine (JVM) of version 7 or above Download the latest version of the Java Virtual Machine at httpjavacomgetjava
IMPORTANT Datawatch Server - Visualization Edition requires administrative privileges during installation Administrative privileges are not required after installation is complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
5
Datawatch Server - Visualization Edition for NET is the NET edition of the server component for the Datawatch Visual Data Discovery system The install files consist of
Readmetxt
Installation Guide
Setupexe
Datawatch MSI
(DatawatchVisualizationServerx86msi DatawatchVisualizationServerx64msi)
Register_NET_With_IISbat
Register_WCFbat
Before installing Datawatch Server ndash Visualization Edition for NET Server install the following prerequisites in this order to ensure that they register correctly with the Server
1 Microsoft IIS web server
2 Microsoft NET Framework 45
Register this with the IIS web server
Steps
1 Install Microsoft IIS Server
Control Panel gt Programs and Features gt Turn Windows Features on or off
The Windows Features dialog displays
NOTE
The graphic interface looks different on workstation versions of Windows (Windows 7) compared to server versions (Server 2008 or 2012)
2 Turn on the following features
NET Framework 35 (includes NET 20 and 30)
Windows Communication Foundation HTTP Activation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
6
Windows Communication Foundation Non-HTTP Activation
NET Framework 45 Advanced Services (if available)
ASPNET 45 (if available)
WCF Services (if available)
Internet Information Services
Web Management Tools
IIS Management Console
IIS Management Scripts amp Tools
IIS Management Service
World Wide Web Services
Application Development Features
NET Extensibility
ASP
ASPNET
Common HTTP Features
Security
Windows Authentication
NOTE
Requires a Professional or Server version of Windows
3 Click OK or Install to make changes to the features You can now install Datawatch
Server ndash Visualization Edition for NET
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
7
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
2 The Welcome dialog displays
3 Click Next The License Agreement displays
4 Read the software license select I accepthellip and click Next
The Select Installation Address dialog displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
8
5 Select the Virtual Directory in the Default Web Site By default this is
panopticonex
6 Select the required Application Pool By default this is
DefaultAppPool
7 Click Next The Ready to Install dialog displays
8 Click Install to confirm the installation You will be informed about the progress of the
installation process
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
3
The Datawatch Server - Visualization Edition for NET is supported on Microsoft Windows operating systems including
Windows Vista (with IIS) ndash For Development Environments Only
Windows 7 (with IIS) ndash For Development Environments Only
Windows 881 (with IIS) ndash For Development Environments Only
Windows Server 2008
Windows Server 2012
IMPORTANT Datawatch Server - Visualization Edition for NET require Microsoft NET
Framework 45 or above
It is best to install the IIS web server before installing Microsoft NET Framework 45 If you install the NET Framework first it may not register itself correctly with the server
These can be physical or virtualized systems Further information on minimum configurations is listed in the Desktop Designer amp Server Reference Guide
To support R data transforms amp connectivity it also requires
R
R Serve
Additional libraries as required for specific capabilities
To support Python data transforms amp connectivity it also requires
CPython
Pyro 424 425 (Python Remote Data Objects)
Additional modules such as Numpy Scipy and Pandas as required for specific capabilities
Datawatch Server - Visualization Edition for Java is supported on these operating systems
LINUX (Red Hat) on x86
LINUX (SUSE) on x86
Windows Vista ndash For Development Environments Only
Windows 7ndash For Development Environments Only
Windows 8 ndash For Development Environments Only
Windows Server 2008
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
4
Windows Server 2012
Datawatch Server - Visualization Edition for Java also requires
Apache Tomcat 7
Apache Tomcat 8
Java Metro Web Service Stack ( httpmetrojavanet )
Version 22 is still supported but version 23 is recommended
You must separately have installed OLE DB (or ODBCJDBC) drivers for your data repository (databases and other sources) in order for Desktop Designer to connect to your data
The Desktop Designer Analyst (Java) can be accessed from any Windows machine running that supports Java applets with a Java Virtual Machine (JVM) of version 7 or above Download the latest version of the Java Virtual Machine at httpjavacomgetjava
IMPORTANT Datawatch Server - Visualization Edition requires administrative privileges during installation Administrative privileges are not required after installation is complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
5
Datawatch Server - Visualization Edition for NET is the NET edition of the server component for the Datawatch Visual Data Discovery system The install files consist of
Readmetxt
Installation Guide
Setupexe
Datawatch MSI
(DatawatchVisualizationServerx86msi DatawatchVisualizationServerx64msi)
Register_NET_With_IISbat
Register_WCFbat
Before installing Datawatch Server ndash Visualization Edition for NET Server install the following prerequisites in this order to ensure that they register correctly with the Server
1 Microsoft IIS web server
2 Microsoft NET Framework 45
Register this with the IIS web server
Steps
1 Install Microsoft IIS Server
Control Panel gt Programs and Features gt Turn Windows Features on or off
The Windows Features dialog displays
NOTE
The graphic interface looks different on workstation versions of Windows (Windows 7) compared to server versions (Server 2008 or 2012)
2 Turn on the following features
NET Framework 35 (includes NET 20 and 30)
Windows Communication Foundation HTTP Activation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
6
Windows Communication Foundation Non-HTTP Activation
NET Framework 45 Advanced Services (if available)
ASPNET 45 (if available)
WCF Services (if available)
Internet Information Services
Web Management Tools
IIS Management Console
IIS Management Scripts amp Tools
IIS Management Service
World Wide Web Services
Application Development Features
NET Extensibility
ASP
ASPNET
Common HTTP Features
Security
Windows Authentication
NOTE
Requires a Professional or Server version of Windows
3 Click OK or Install to make changes to the features You can now install Datawatch
Server ndash Visualization Edition for NET
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
7
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
2 The Welcome dialog displays
3 Click Next The License Agreement displays
4 Read the software license select I accepthellip and click Next
The Select Installation Address dialog displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
8
5 Select the Virtual Directory in the Default Web Site By default this is
panopticonex
6 Select the required Application Pool By default this is
DefaultAppPool
7 Click Next The Ready to Install dialog displays
8 Click Install to confirm the installation You will be informed about the progress of the
installation process
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
4
Windows Server 2012
Datawatch Server - Visualization Edition for Java also requires
Apache Tomcat 7
Apache Tomcat 8
Java Metro Web Service Stack ( httpmetrojavanet )
Version 22 is still supported but version 23 is recommended
You must separately have installed OLE DB (or ODBCJDBC) drivers for your data repository (databases and other sources) in order for Desktop Designer to connect to your data
The Desktop Designer Analyst (Java) can be accessed from any Windows machine running that supports Java applets with a Java Virtual Machine (JVM) of version 7 or above Download the latest version of the Java Virtual Machine at httpjavacomgetjava
IMPORTANT Datawatch Server - Visualization Edition requires administrative privileges during installation Administrative privileges are not required after installation is complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
5
Datawatch Server - Visualization Edition for NET is the NET edition of the server component for the Datawatch Visual Data Discovery system The install files consist of
Readmetxt
Installation Guide
Setupexe
Datawatch MSI
(DatawatchVisualizationServerx86msi DatawatchVisualizationServerx64msi)
Register_NET_With_IISbat
Register_WCFbat
Before installing Datawatch Server ndash Visualization Edition for NET Server install the following prerequisites in this order to ensure that they register correctly with the Server
1 Microsoft IIS web server
2 Microsoft NET Framework 45
Register this with the IIS web server
Steps
1 Install Microsoft IIS Server
Control Panel gt Programs and Features gt Turn Windows Features on or off
The Windows Features dialog displays
NOTE
The graphic interface looks different on workstation versions of Windows (Windows 7) compared to server versions (Server 2008 or 2012)
2 Turn on the following features
NET Framework 35 (includes NET 20 and 30)
Windows Communication Foundation HTTP Activation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
6
Windows Communication Foundation Non-HTTP Activation
NET Framework 45 Advanced Services (if available)
ASPNET 45 (if available)
WCF Services (if available)
Internet Information Services
Web Management Tools
IIS Management Console
IIS Management Scripts amp Tools
IIS Management Service
World Wide Web Services
Application Development Features
NET Extensibility
ASP
ASPNET
Common HTTP Features
Security
Windows Authentication
NOTE
Requires a Professional or Server version of Windows
3 Click OK or Install to make changes to the features You can now install Datawatch
Server ndash Visualization Edition for NET
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
7
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
2 The Welcome dialog displays
3 Click Next The License Agreement displays
4 Read the software license select I accepthellip and click Next
The Select Installation Address dialog displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
8
5 Select the Virtual Directory in the Default Web Site By default this is
panopticonex
6 Select the required Application Pool By default this is
DefaultAppPool
7 Click Next The Ready to Install dialog displays
8 Click Install to confirm the installation You will be informed about the progress of the
installation process
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
5
Datawatch Server - Visualization Edition for NET is the NET edition of the server component for the Datawatch Visual Data Discovery system The install files consist of
Readmetxt
Installation Guide
Setupexe
Datawatch MSI
(DatawatchVisualizationServerx86msi DatawatchVisualizationServerx64msi)
Register_NET_With_IISbat
Register_WCFbat
Before installing Datawatch Server ndash Visualization Edition for NET Server install the following prerequisites in this order to ensure that they register correctly with the Server
1 Microsoft IIS web server
2 Microsoft NET Framework 45
Register this with the IIS web server
Steps
1 Install Microsoft IIS Server
Control Panel gt Programs and Features gt Turn Windows Features on or off
The Windows Features dialog displays
NOTE
The graphic interface looks different on workstation versions of Windows (Windows 7) compared to server versions (Server 2008 or 2012)
2 Turn on the following features
NET Framework 35 (includes NET 20 and 30)
Windows Communication Foundation HTTP Activation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
6
Windows Communication Foundation Non-HTTP Activation
NET Framework 45 Advanced Services (if available)
ASPNET 45 (if available)
WCF Services (if available)
Internet Information Services
Web Management Tools
IIS Management Console
IIS Management Scripts amp Tools
IIS Management Service
World Wide Web Services
Application Development Features
NET Extensibility
ASP
ASPNET
Common HTTP Features
Security
Windows Authentication
NOTE
Requires a Professional or Server version of Windows
3 Click OK or Install to make changes to the features You can now install Datawatch
Server ndash Visualization Edition for NET
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
7
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
2 The Welcome dialog displays
3 Click Next The License Agreement displays
4 Read the software license select I accepthellip and click Next
The Select Installation Address dialog displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
8
5 Select the Virtual Directory in the Default Web Site By default this is
panopticonex
6 Select the required Application Pool By default this is
DefaultAppPool
7 Click Next The Ready to Install dialog displays
8 Click Install to confirm the installation You will be informed about the progress of the
installation process
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
6
Windows Communication Foundation Non-HTTP Activation
NET Framework 45 Advanced Services (if available)
ASPNET 45 (if available)
WCF Services (if available)
Internet Information Services
Web Management Tools
IIS Management Console
IIS Management Scripts amp Tools
IIS Management Service
World Wide Web Services
Application Development Features
NET Extensibility
ASP
ASPNET
Common HTTP Features
Security
Windows Authentication
NOTE
Requires a Professional or Server version of Windows
3 Click OK or Install to make changes to the features You can now install Datawatch
Server ndash Visualization Edition for NET
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
7
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
2 The Welcome dialog displays
3 Click Next The License Agreement displays
4 Read the software license select I accepthellip and click Next
The Select Installation Address dialog displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
8
5 Select the Virtual Directory in the Default Web Site By default this is
panopticonex
6 Select the required Application Pool By default this is
DefaultAppPool
7 Click Next The Ready to Install dialog displays
8 Click Install to confirm the installation You will be informed about the progress of the
installation process
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
7
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
2 The Welcome dialog displays
3 Click Next The License Agreement displays
4 Read the software license select I accepthellip and click Next
The Select Installation Address dialog displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
8
5 Select the Virtual Directory in the Default Web Site By default this is
panopticonex
6 Select the required Application Pool By default this is
DefaultAppPool
7 Click Next The Ready to Install dialog displays
8 Click Install to confirm the installation You will be informed about the progress of the
installation process
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
8
5 Select the Virtual Directory in the Default Web Site By default this is
panopticonex
6 Select the required Application Pool By default this is
DefaultAppPool
7 Click Next The Ready to Install dialog displays
8 Click Install to confirm the installation You will be informed about the progress of the
installation process
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
9
Installation typically takes less than 60 seconds You will be notified once the installation is complete
9 Click Finish to confirm the installation
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
10
A number of data connectors require additional third party software installation to be enabled and listed in the Connect to Data dialog These include
StreamBase 71
StreamBase LiveView 15
SAP Sybase ESP
Thomson Reuters TREP-RT
Thomson Reuters Velocity Analytics (ODBC Drivers)
One Market Data OneTick amp OneTick CEP
IBM Cognos TM1
Perfmon
For StreamBase 71 either install the full StreamBase CEP 71 client or the StreamBase 71
NET Client Redistributable If no StreamBase model development is to occur on the machine install the NET client redistributable that is appropriate for the Server installed (32-bit or 64-bit)
Example
Streamabse-NET-client-redist-71121_1211191613msi (32-bit)
StreamBase-NET-Win64-client-redist-71121_1211191613msi (64-bit)
For StreamBase LiveView 15 two files are required
Streambase 73 NET Client
Streambase LiveView 15 API
Manually copy the required version of StreamBaseSBClientdll
Which is found in the Streambase bin or bin64 folders
For example
CProgram Files (x86)StreamBase SystemsStreamBase73bin (32-bit)
CProgram Files (x86)StreamBase SystemsStreamBase73bin64 (64-bit)
To the Datawatch Server - Visualization Edition Plugins folder which is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
11
Then manually copy StreamBaseLiveViewAPIdll
Which is found in the LiveView 15 SDK Bin folder
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewsdkbin
To the Datawatch Server - Visualization Edition Plugins folder
For SAP Sybase ESP and JMS message buses copy the appropriate (3264-bit) NET PubSub Libraries to the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
Connectivity to OneTick has changed in the Desktop Designer amp NET Server since 631 to be through the C API rather than through ODBC
As a consequence the ODBC driver is no longer required but the installations of the OneTick
client plus the following are prerequisites
For OneTick manually copy specific dependency files from the OneTick installation (eg
Comdone_market_dataone_tickbin) to the Datawatch Server - Visualization Edition
Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
The specific files to be copied are
Csomddll
Csomd_nativedll
Libonetickdll
Additionally the following further files are required for streaming continuous query support
msvcp100dll
msvcr100dll
The OneTick connector also requires that the environment variable ONE_TICK_CONFIG
Has been configured with the path to the required config file
Example Comdclient_dataconfigone_tick_configtxt
And that the OneTick configuration file has entries for Windows OS time zone mapping and information
Example
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
12
WINDOWS_TZ_MAPPING_FILE=COMDone_market_dataone_tickconfigwindows
_tz_mappingdat
WINDOWS_ZONEINFO_PATH=COMDone_market_dataone_tickconfigzoneinfo
Additionally the OneTick client folder should be set to have the same permissions as for the
Datawatch Server folder under cinetpubwwwroot
Please check that the OneTick C API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick C API examples
For Thomson Reuters TREP-RT retrieve the NET RFA libraries and follow the instructions of
copying the files to the Datawatch Server - Visualization Edition Plugins folder
For IBM Cognos TM1 copy the following (3264-bit) NET Libraries
ApplixTM1APIdll
ApplixTM1AIPSSPIdll
To the Datawatch Server - Visualization Edition Plugins folder
This is available by default at
CinetpubwwwrootpanopticonexbinPlugins
These TM1 libraries are found within the TM1 installation under Program Files
To access performance counters in the network the domain user who is running Desktop Designer must be added to the Performance Monitor Users group on these computers
Go to Control Panel gt All Control Panel Items gt Administrative Tools gt Computer Management then under System Tools select Local Users and Groups gt Groups
Find Performance Monitor Users group and open its properties
Click Add and add the domain user who will need to access the performance counters
To make the local performance counters accessible from the IIS server add the IIS AppPool user (IIS APPPOOL[ApplicationPoolName] by default) to Performance Monitor Users
Additionally the following connectors will only be available for use if the appropriate ODBCOLEDB drivers and client have been installed
Thomson Reuters Velocity Analytics (Firebird ODBC Driver)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
13
Before the server can be used additional steps are required to configure the MS IIS web server specifically
File Permissions
Web Server Authentication Schemes
Cache Configuration
By default the software is installed to CInetPubwwwrootpanopticonex and produces
a folder structure like this
Data published to Datawatch Server - Visualization Edition is stored in the App_Data folder
IMPORTANT Both the IIS_IUSRS group and the NETWORK SERVICE group must have permissions to read modify and write to the panopticonex folder for the server to operate correctly
Steps
1 Right-click on the panopticonex folder and select Properties
The panopticonex Properties dialog is displayed
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
14
2 Select the Security tab and set the following groups to have Read Write and Modify permissions to this folder
IIS_IUSRS group
NETWORK SERVICE group
3 Click OK to apply the changes
The NET Server requires that the following two authentication schemes are enabled for the panopticonex Folder
Anonymous
Windows Authentication
You can confirm and update these two authentication schemes through the Internet Information Services (IIS) Manager
For IIS on Vista Windows 7881 and Windows Server 20082012 display the authentication properties by selecting the Authentication tab
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
15
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
16
A number of data sources such as the 32-bit versions of SAP Sybase Aleri and MS Access are accessed through 32-bit drivers These are installed with the 32-bit Datawatch Server -
Visualization Edition
However by default on a 64-bit operating system the Datawatch Server - Visualization
Edition may exist as a 64-bit process through allocation to a 64-bit application pool and consequently be unable to use these drivers
To operate correctly the 64-bit Datawatch Server - Visualization Edition must run as a 32-bit process
On IIS (Vista Windows 20082013 and Windows 7881) this is achieved by enabling 32-bit applications in the application pool
1 From within the IIS Manager select the application pool which is running the Datawatch Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find this option in the General section)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
17
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
18
An application pool will time out after a defined period of inactivity which by default 20 minutes As the Datawatch Server ndash Visualization Edition has a load time it is appropriate to
increase this time out to a much larger value
From within the IIS Manager select the application pool which is running Datawatch Server - Visualization Edition and click Advanced Settings
In the Advanced Settings dialog set the Idle Time-out (minutes) option to 1440 (find this option in the Process Model section)
Additionally an application pool will recycle (restart) every 1740 minutes by default which
equates to every 29 hours Although it is good practice to restart the application pool on a
regular basis it may be beneficial to restart the pool at the same scheduled time every day If this is required edit the Specific Times TimeSpan[] Array to determine the required times for application pool recycling
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
19
An application pool identity allows running of an application pool under a unique account without having to create and manage domain or local accounts
IMPORTANT The steps in this section are only required for users with enabled application pool identity for added security
Steps
1 In the Advanced Settings dialog make sure the Identity is set to
ApplicationPoolIdentity
2 Right-click on the panopticonex folder on CInetPubwwwroot and select
Properties
The panopticonex Properties dialog displays
3 Select the Security tab and click Edit
The Permissions for panopticonex dialog displays
4 Click Add
5 Enter IIS AppPoolDefaultAppPool into the Enter the object names to select box
6 Click Check Names DefaultAppPool is displayed in the box
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
20
7 Click OK
8 Set this group to have Read and Write permissions to the panopticonex folder
9 Click OK to apply the changes
NOTE
Another option is to set the Identity to NetworkService
and give the NetworkService group Read and Write
permissions to the panopticonex folder
When connecting to Oracle or other similar database drivers you must use the appropriate supplied database driver software from Oracle Once installed and configured you must set up permissions for Oracle Home folder properly in order for Datawatch Server - Visualization Edition to correctly access the Oracle Database drivers
The Oracle Home folder is typically the Ora92 folder under the Oracle folder (for example
COracleOra92)
Ensure that both Authenticated Users and ASP NET Machine Account have Modify permissions
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
21
The Datawatch Server - Visualization Edition is the Java edition of the server component for the Desktop Designer system There are the pre-installation files
Setupexe
DatawatchVisualizationServermsi
This is required to accept the terms and conditions and extract the WAR files for J2EE server deployment
Steps
1 Run the Setupexe as an administrator (Right-click and Run as Administrator)
The Welcome to Datawatch Visualization Server for Java Setup dialog box displays
2 Click Next The License Agreement displays
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
22
3 Read the software license select I accepthellip and click Next
The default destination folder to extract the WAR file is displayed
4 Click Next The Ready to Install dialog displays
Installation typically takes less than 60 seconds You will be notified once the installation is
complete
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
23
10 Click Finish to confirm
There are two extracted files panopticonexwar panopticondmzwar
The panopticonexwar file is to be deployed onto an appropriately configured Apache Tomcat + Metro environment that uses OracleSun Java (not the Open JDK) The
panopticondmzwar file is only required to be deployed in specific firewall deployment scenarios
The Java Metro web service stack can be retrieved from httpmetrojavanet Metro
versions 22 and 23 are supported Follow the installation instructions provided by the website
Alternatively
1 Download the Metro JAR files
2 Create the following folders under the Tomcat installation folder
endorsed
sharedlib
3 Place the Metro JAR Files in the appropriate folders For example
endorsedwebservices-apijar
sharedlibwebservices-extrajar
sharedlibwebservices-extra-apijar
sharedlibwebservices-rtjar
sharedlibwebservices-toolsjar
4 Edit confcatalinaproperties
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
24
Replace sharedloader=
With sharedloader=$catalinahomesharedlibjar
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
25
Steps
1 Create the data folder for Datawatch Server - Visualization Edition (for example
cpanopticondata) This will be used for Desktop Designer Workbook license and
data storage and can be placed on any local drive of the server
2 Ensure that the user account (ie local service account) running Tomcat has readwrite amp
execute permissions to this folder
3 Place the Desktop Designer license file (supplied separately) in the application data folder
4 Stop Shutdown Tomcat if it is running
5 Select a name for the Java server application For example panopticonex
6 In the Tomcat configuration folder listed below create a file named [application]xml For
example panopticonexxml in confCatalinalocalhost
7 In the newly created XML file add the following text
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=[name of your application]gt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=[absolute path to your application data folder]gt
ltContextgt
8 Copy the panopticonexWAR file into the Tomcat webapps folder
NOTE
If the name of your application was not panopticonex then rename the WAR file accordingly
9 Add a new user account to Tomcat In order to be authenticated in the Java server a user
should have the role user in Tomcat (edit conftomcat-usersxml)
For example ltuser username=designer password=designer roles=usergt
Optional Steps
Add the attribute URIEncoding=UTF-8 to the Connector element(s) in serverxml
(Otherwise the server will not be able to handle workbooks with names that include non-ANSI characters
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
26
Configure the Java server logs to separate log filelog level in Tomcatrsquos
confloggingproperties file (Datawatch Designer logs start with companopticon)
10 Restart Tomcat
11 You should now be able to log on to the Server for Java using the following
[Host Name][Port][Name of your application]
For example
httplocalhost8080panopticonex
Details on how to configure Apache Tomcat logs can be found at
httptomcatapacheorgtomcat-70-doclogginghtml or
httptomcatapacheorgtomcat-80-doclogginghtml
Steps
1 Open the file loggingproperties
2 Add an extra handler at end of the line starting handlers =
5exorgapachejuliFileHandler
3 Add an extra section after the host manager section
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
4 At the end of the file add the following section
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
5 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
27
An example loggingproperties file is included below with the new sections highlighted
handlers = 1catalinaorgapachejuliFileHandler
2localhostorgapachejuliFileHandler 3managerorgapachejuliFileHandler
4host-managerorgapachejuliFileHandler javautilloggingConsoleHandler
5exorgapachejuliFileHandler
handlers = 1catalinaorgapachejuliFileHandler
javautilloggingConsoleHandler
Handler specific properties
1catalinaorgapachejuliFileHandlerlevel = FINE
1catalinaorgapachejuliFileHandlerdirectory = $catalinabaselogs
1catalinaorgapachejuliFileHandlerprefix = catalina
2localhostorgapachejuliFileHandlerlevel = FINE
2localhostorgapachejuliFileHandlerdirectory = $catalinabaselogs
2localhostorgapachejuliFileHandlerprefix = localhost
3managerorgapachejuliFileHandlerlevel = FINE
3managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
3managerorgapachejuliFileHandlerprefix = manager
4host-managerorgapachejuliFileHandlerlevel = FINE
4host-managerorgapachejuliFileHandlerdirectory = $catalinabaselogs
4host-managerorgapachejuliFileHandlerprefix = host-manager
5exorgapachejuliFileHandlerlevel = FINEST
5exorgapachejuliFileHandlerdirectory = $catalinabaselogs
5exorgapachejuliFileHandlerprefix = ex
javautilloggingConsoleHandlerlevel = FINE
javautilloggingConsoleHandlerformatter = javautilloggingSimpleFormatter
Facility specific properties
Provides extra control for each logger
orgapachecatalinacoreContainerBase[Catalina][localhost]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost]handlers =
2localhostorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]level
= INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][manager]handle
rs = 3managerorgapachejuliFileHandler
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]level = INFO
orgapachecatalinacoreContainerBase[Catalina][localhost][host-
manager]handlers = 4host-managerorgapachejuliFileHandler
companopticonlevel = FINE
companopticonhandlers = 5exorgapachejuliFileHandler
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
28
NOTE
It is recommended to increase the Java heap size of Tomcat
to avoid the initiation of garbage collection when memory usage hits the set threshold
The steps may vary depending on how Tomcat was deployed
Steps
1 Stop Tomcat
2 You can either create a file named setenvbat (for Windows) or setenvsh (for Linux)
3 Place them in the Tomcat bin folder
4 Set the minimum and maximum heap size with the JVM ndashXms and ndashXmx parameters A
maximum of 1 GB is recommended For example
set JAVA_OPTS=-Dfileencoding=UTF-8 -Xms128m -Xmx1024m
5 Save the file
6 Restart the Tomcat service to apply the increase in the heap size
Another option in setting the heap size is through the System Variables Follow these steps
1 Stop Tomcat
2 Go to System Environment variables (Right-click Computer gt Properties gt Advanced
System Parameters gt Environment Variables)
The System Properties dialog displays
3 Select the Advanced tab and click Environment Variables
4 Click New under the System Variables section
5 Define the following
Variable Name CATALINA_OPTS
Variable value -Xms512m -Xmx1024m
6 Click OK then OK again
7 Restart the Tomcat service
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
29
As with the Desktop Designer and NET server a number of data connectors require additional third party software installation to be enabled This typically requires adding JAR files to the
Lib folder of the Tomcat installation and restarting Tomcat
Common additions include
JDBC Drivers
Streambase CEP
This requires the following JAR to be added sbclientjar
Which is retrieved from the Streambase Lib folder
For example
CProgram Files (x86)StreamBase SystemsStreamBase7xlib
Streambase LiveView
This requires the following JARs to be added sbclientjar
From the Streambase installation
For example
CProgram Files (x86)StreamBase SystemsStreamBase73lib
Plus the JARS from the from the Streambase LiveView installation
For example
CProgram Files (x86)StreamBase
SystemsStreamBase73liveviewlib
These are specifically
lv-clientjar
lv-client-wwwdepsjar
lv-compilerjar
jyaml-13jar
LiveView connectivity also requires a deletion of a JAR from the standard installation due to compatibility problems between LiveView and the Datawatch Server Content Edition
connector
Specifically the deletion of the JAR jersey-core-113jar
Which is found in Tomcat 70webappspanopticonexWEB-INFlib
NOTE
For LiveView connectivity the same versions of the sbclient and LiveView JARS must be used
Streambase software can be downloaded from httpdownloadstreambasecom
OneMarketData OneTick OneTick CEP
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
30
This requires that the following JAR be added
jomdjar
Which is retrieved from the OneTick bin folder
For example
Comdone_market_dataone_tickbin
NOTE
If 64-bit Tomcat is used then the 64-bit OneTick JAR (and associated client should be used)
Additionally the following environment variables must be configured
PATH
To Include the OneTick bin folder
For example
Comdone_market_dataone_tickbin
ONE_TICK_CONFIG
To reference the OneTick configuration file
For example
Comdclient_dataconfigone_tick_configtxt
Plus the Tomcat configuration should include the following Java option
-Djavalibrarypath=Comdone_market_dataone_tickbin
Additionally the OneTick client folder should be set to have the same permissions as those running the Tomcat process
Please check that the OneTick Java API is operational before accessing workbooks through the server that utilize OneTick connectivity This can be easily achieved by running one of the OneTick Java API examples
NOTE
The OneTick JAR must be updated to match the version of the OneTick client installation
JMX
Use the following java options to enable JMX monitoring for JMX plugin
Enable JMX remote connection (-Dcomsunmanagementjmxremote)
Disable JMX authentication (-
Dcomsunmanagementjmxremoteauthenticate=false) Note This is not
supported for now
Set remote port for jmx (-Dcomsunmanagementjmxremoteport=number)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
31
The Datawatch Server ndash Visualization edition supports three levels of caching
Queryable cache
Recordset Cache
Subscription Cache
All of which are optional If caching is specifically not desired data requests can always be forwarded to the underlying data repository
The Subscription cache describes the cache used for streaming subscriptions This cache is used to ensure subscriptions are not duplicated by the server and that instead the server manages duplicate end client subscription requests Subscriptions are started when the server receives a valid client request and are only terminated on server instance restart
The recordset cache is a traditional key value cache and stores query results from prior data requests to underlying data repositories The query results are keyed against
Originating workbook
Originating data table
Supplied parameter values
On Demand Queries
And each resultset is cached with a time to live (TTL) defined in the original data table
The resultset cache does not store data extracts that can then be further queried it simply stores query results to minimize underlying data repository load by minimizing query duplication
The Queryable cache stores data extracts from underlying databases These data extracts can then be further queried by Datawatch This approach is ideal if the underlying repository is
limited in functionality (eg a flat CSV file) or slow to query As a data extract is made the data is not live which may limit the usage
The Queryable cache mechanism supports two underlying database technologies
Kx kdb+
MS SQL Server (Only in the NET Server)
These are configured in the server configuration files
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
32
To enable the Query-able cache on the NET Server
Cache Technology Selection
This is achieved through the Server ndash System Settings page
Example
This saves the selection into the WebAppSettingsconfig file
Either
ltadd key=CachePlugin value=KDBCache gt
Or
ltadd key=CachePlugin value=SqlServerCachePlugin gt
Cache Configuration
This is achieved through the webconfig file within the section
ltintelligentCacheSettingsGroupgt
By default each cache technology is listed commented out The selected cache
technology should be uncommented and the configuration details completed
Specifically
Technology Attribute XML Description
SQL Server ltValuesgt ltPropertyValuegt ltNamegtInstanceNameltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtAuthenticationltNamegt ltValuegtSQLServerltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserIdltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtDatabaseNameltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
InstanceName It will be server amp instance name of MS SQL Server
Authentication Either SQLServer or Windows for authentication mode
UserId User Id to access MS SQL Server Not required in case of Windows authentication mode
Password Password to access MS SQL Server Not required in case of Windows authentication mode
DatabaseName Database to be used to store cache information This needs to be a pre-defined database
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
33
Technology Attribute XML Description
KDB ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt
ltValuesgt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
34
To enable the Query-able cache on the Java Server
The Server configuration file (panopticonexxml) is updated to include the following
ltEnvironment
name=CachePlugin
override=false
type=javalangString
value=KDBCache gt
A new cache settings file titled ldquoCacheSettingsxmlrdquo is placed in the defined AppData folder
This file has the following properties defined
Attribute XML Description ltxml version=10 encoding=UTF-8 standalone=yesgt ltPropertyBag xmlns=httpschemaspanopticoncom200812DashboardsModel xmlnsns2=httpschemasmicrosoftcom200310SerializationArrays xmlnsns3=httpschemaspanopticoncom200812DashboardsServer xmlnsns4=httpschemasmicrosoftcom200310Serializationgt ltName xmlnsxsi=httpwwww3org2001XMLSchema-instance xsinil=truegtCacheSettingsltNamegt ltValuesgt ltPropertyValuegt ltNamegtIsDefaultltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtIsLogMemoryCheckltNamegt ltValuegtfalseltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtHostltNamegt ltValuegtlocalhostltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPortltNamegt ltValuegt5002ltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtUserNameltNamegt ltValuegtltValuegt ltPropertyValuegt ltPropertyValuegt ltNamegtPasswordltNamegt ltValuegtltValuegt ltPropertyValuegt ltValuesgt ltPropertyBaggt
IsDefault If true the system will run its default instance For user defined instance they must be started before server starts
IsLogMemoryCheck If true perform and log memory checks
Host Host Name of KDB data connection
Port Port specified for KDB
UserName User Id to access kdb+ instance
Password Password to access kdb+ instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
35
R and Python connectivity and transforms occur over TCPIP network links
For R R Serve is used
For Python Pyro (Python Remote Data Objects) is used
To enable R connectivity
1 Download R install it and the R Console ( httpcranrstudiocom )
2 Open the R Console
3 Install R Serve using the following command from within the R Console
installpackages(Rserve)
4 Initiatiate the R Serve library using the following command
library(Rserve)
5 Run R Serve by executing the following command
Rserve()
Only 2 4 amp 5 need to be repeated when R connectivity is required
Example
Note Connectivity by default is over Port 6311
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
36
To enable authentication across the R Serve TCPIP link
create a password file (pwdfilepwd)
Each line of the file should have the user and then the password
Example
user1 password1
user2 password2
Create a configuration file with following parameters (rconfigconf)
auth required
pwdfile [path of password file]
Example
remote enable
auth required
port 6311
pwdfile CRIntegrationpwdfilepwd
load the created configuration file (the default R Serve configuration file is still loaded but its settings have lower priority) and run Rserve
Rserve(args=--RS-conf [path of configuration file])
Example
Rserve(args=--RS-conf CRIntegrationrconfigconf)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
37
To enable Python connectivity
1 Download and install Python 27
(httpswwwpythonorgdownloadsreleasepython-278 )
2 Add Python installation folder to your PATH environment variable
3 Download Pyro 425 (NOT any later version)
4 From the command prompt navigate to the Pyro install and run
python setuppy install
5 Pyro is now installed into the Python site packages typically at CPython27Libsite-packagesPyro4
6 Overwrite configurationpy with that supplied or alternatively edit the file changing the lines
From selfSERIALIZER = serpent
To selfSERIALIZER = pickle
From selfSERIALIZERS_ACCEPTED = serpentmarshaljson
To selfSERIALIZERS_ACCEPTED = picklemarshaljson
From selfHMAC_KEY = None
To selfHMAC_KEY = [Your Password]
In the shipped example workbook and the supplied configurationpy the selfHMAC_KEY is
set to password
7 Run the supplied Batch File start_Python_connectivitybat
This includes the following commands
echo on
start python -m Pyro4naming
ping localhost
cd ~dp0
python pyropy
Only 7 needs to be repeated when Python connectivity is required
NOTE
Connectivity by default is over Port 9090 and requires a password as entered in the Pyro configurationpy
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
38
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhostpanopticonex
The default start page should display a list of published Datawatch Designer Workbooks
NOTE
You must provide authentication credentials or copy the Desktop Designer license file to the designated license folder to be able to view the published workbooks
Steps
1 Clicking the Login button will automatically pick up authenticated user credentials
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
39
If authenticated user credentials are not available the system will present a login window
2 Enter your authentication credentials
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Define administrators
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
View the current license
Delete Workbooks and Data (Administrator access)
Define and manage parameters
IMPORTANT To login to Datawatch Server - Visualization Edition a user account must exist on the machine that has a password defined
3 Select the System Settings Tab
The System Settings tab also allows you to view the location and details of the License file
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
40
Initially it will display No license file You need to manually copy the
DatawatchLicensexml to this location CInetpubwwwrootpanopticonexbin
folder
Refresh the page The name and details of the License file are displayed
4 Select the Workbooks tab to display the list of published workbooks
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
41
Refer to the Desktop Designer Client User Guide for more information
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
42
When you open Datawatch Server - Visualization Edition in a web browser by entering
httplocalhost[installedport]panopticonex
The default start page displays as below ready to accept published workbooks
NOTE
You must provide authentication credentials to be able to view the published workbooks
1 Clicking the Login button will automatically pick up authenticated user credentials
If authenticated user credentials are not available the system will present a login window
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
43
2 Enter your authentication credentials (as defined in Tomcat ie designerdesigner)
The system will redirect you to a protected version of the server This protected version allows the user to
Access published workbooks
Manage Server queryable cache modification including Data Refresh
Manage the list of centralized data table definitions
Define administrators
View the current license
Delete Workbooks and Data Table Templates (Administrator access)
Define and manage parameters
3 Select the System Settings Tab
The System Settings tab displays the following
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
44
And provides
Active license display
Active number of data threads display
Administrator management
Animated Selection display management
Selection of Default Client HTML5 or Java
Ability to clear the server cache (typically used after manually copying workbook files between servers)
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
45
Following a confirmed successful installation of the Datawatch Server - Visualization Edition for
NET you can optionally remove the test folder from your Datawatch Server -
Visualization Edition installation
These files are used for testing troubleshooting and diagnostics purposes and are not needed
once the server instance is working as intended
Since these files can be useful at a later stage it may be a good idea to keep them in any development stage installation of Server for NET while deleting them from any production stage installation
The files are not specific for a particular installation and can be moved from one installation of the Datawatch Server - Visualization Edition to another
Note that all of the diagnostics pages that publish any information about the system require
that the user is authenticated as set in the webconfig file of the test folder
The files in the folder are the following
panopticonextestaspnetaspx
panopticonextestAuthenticationDiagnosticsaspx
panopticonextestAuthenticationGetResourceaspx
panopticonextestAuthenticationTestaspx
panopticonextestdefaulthtm
panopticonextestwebconfig
All files with the name prefix Authentication require successful user authentication before they
are accessible through the web browser
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
46
A previously installed Server for NET can be upgraded to the latest version through either
Simply install the latest release as defined earlier This will update the existing software installation
Again this capability is only available when the version number changes and consequently may not be available for customer specific builds
This is achieved through
1 Select Control Panel gt Programs amp Features
2 Select Datawatch Server - Visualization Edition from the listing of installed programs and
select Uninstall
3 Then install the latest release as defined previously
In both cases the NET application pool running the Server for NET will be restarted as part of the upgrade process Additionally as the IIS configuration defined in the initial installation has been already completed it does not need to be repeated
A previously installed Server for Java can be upgraded through the following process
1 Stop Tomcat
2 Delete the existing WAR file (for example webappspanopticonexwar)
3 Delete the deployed application (for example webappspanopticonex)
4 Delete the cache from the working folder (for example
workCatalinalocalhostpanopticonex)
5 Deploy the new war file as detailed previously by copying the panopticonexwar file
into the Tomcat webapps folder
6 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
47
Both server platforms support usage under SSL However while the Java server requires no
modification the NET Server requires that itrsquos webconfig file is updated so that dummy end points are commented out and correct SSL endpoints are enabled within the services section of the webconfig starting at line 345 This is documented with comments in the webconfig file itself
Internet facing servers typically need to support network address translation As the server
uses web services which are by default dynamically mapped to addresses additional configuration is required to support network address translation
This is achieved through the following steps
1 Within the NET Server WepAppSettingsconfig file set the DynamicServerAddress in WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
2 If not installed into the default location ldquopanopticonexrdquo update the webconfig to
replace
From httplocalhostpanopticonex
To httplocalhost[installedlocation]
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
48
To enable address translation support in the Java server a further WAR file panopticondmzwar needs to be deployed This deployed WAR file needs a separate
configuraton file ldquopanopticondmzxmlrdquo in the confCatalinalocalhost folder
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=httplocalhost8080panopticonex gt
ltContextgt
In this file the EXServices environment variable is set to point to the local instance
External users would then access the DMZ instance which would direct traffic to the local instance
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
49
Both the servers can exist behind a reverse proxy server such as Apache However in order for the reverse proxy to perform the SSL encryption (off-loading the task from the underlying Datawatch server) further configuration is required
For Apache 249 the httpdconf would typically look like
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass [entry point] [Datawatch Server URL]
ProxyPassReverse [entry point] [Datawatch Server URL]
CacheDisable
Where
entry point is the folder path to forward by the proxy
Datawatch Server URL is the URL to the underlying Datawatch Server ndash Visualization edition
Example
SSLProxyEngine On
RequestHeader set Front-End-Https On
ProxyPass panopticonex httplocalhostpanopticonex
ProxyPassReverse panopticonex httplocalhostpanopticonex
CacheDisable
For the NET Server the entry point and Datawatch Server ndash Visualization Edition URL must refer to the same folder eg panopticonex
The java applet communicates back the server over the defined web service As different web service calls are made whether the request is over HTTP or over HTTPS this impacts the use of a reverse proxy to perform authentication
The NET Server is enabled by default for this scenario and actually will only support direct SSL access after modification of the webconfig
The Java server is disabled by default for this scenario To enable this please edit the webxml in the Tomcat Datawatch server deployment
Example webappspanopticonexWEB-INFwebxml
So that the Confidential lines on lines 39 and 52 are commented out
From lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt
To lt--lttransport-guaranteegtCONFIDENTIALlttransport-guaranteegt --gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
50
The Java Server supports Forms based authentication through modifying the webxml to replace
ltlogin-configgt
ltauth-methodgtBASICltauth-methodgt
ltrealm-namegtRealmltrealm-namegt
ltlogin-configgt
With
ltlogin-configgt
ltauth-methodgtFORMltauth-methodgt
ltform-login-configgt
ltform-login-pagegtloginhtmlltform-login-pagegt
ltform-error-pagegtlogin-failedhtmlltform-error-pagegt
ltform-login-configgt
ltlogin-configgt
And adding loginhtml and login-failedhtml to the root of the web application
Typically these new pages would be styled as appropriate with the loginhtml including the following form
ltform method=POST action=j_security_checkgt lttablegt lttrgt lttd colspan=2gtLogin to the Applicationlttdgt lttrgt lttrgt lttdgtNamelttdgt lttdgtltinput type=text name=j_username gtlttdgt lttrgt lttrgt lttdgtPasswordlttdgt lttdgtltinput type=password name=j_password gtlttdgt lttrgt lttrgt lttd colspan=2gtltinput type=submit value=Go gtlttdgt lttrgt lttablegt ltformgt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
51
Single Sign On (SSO) for the NET Server requires custom configuration which is provided as a consulting engagement
When using Tomcat the Java server supports Single Sign On (SSO) through SAML2 by
1 Update panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out the ltlogin-configgt section
Comment out the ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
- RequestWrapper
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssosamlAuthFilter
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters (ltfiltergt) listed below
- SecurityFilter_Authenticated
- SecurityFilter_Authenticated_SSL
2 Update the WAR file configuration file ldquopanopticonexxmlrdquo in the ldquoconfCatalinalocalhostrdquo folder to add the following additional lines
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=SAMLUserNameAttributegt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=SAMLUserGroupAttributegt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=SAMLSpProviderId gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=SAMLIdpSsoUrlgt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=SAMLAscUrl gt
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
52
ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=SAMLLogoutUrl gt
Where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
3 Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
4 Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
53
When using Tomcat hosted on a Windows machine the Java server can be configured to integrate into Active Directory Additionally to support Active Directory authentication work you need to make sure that
The server computer must be part of the Windows domain against what we will be
authenticating users
A Service Principal Name (SPN) must be registered with Active Directory which assumes the role of the Key Distribution Center in a Windows domain The SPN maps to the
Windows account More httpsupportmicrosoftcomkb929650
This is enabled through
1 Edit the webxml in the Tomcat Datawatch Server ndash Visualization Edition deployment
Example webappspanopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below change filter class (ltfilter-classgt) value to
companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to the application by changing
parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for
the filters (ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
2 Unzip the supplied JARS from the custom-adzip into the Tomcat lib Folder
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
54
This includes guava-1601jar jna-400jar jna-platform-400jar
log4j-1216jar slf4j-api-172jar waffle-jnajar waffle-
tomcat7jar
3 Restart Tomcat
NOTE
This Active Directory integration is not available when deploying on Linux
For an internet facing deployment the server may be required to be split into two separate components
Internal ndash with access to data sources
DMZ ndash with Internet access and access to internal server
This is partially supported in both the NET and Java servers
In this scenario only the internal server would have access to data and store workbooks
The NET server supports the HTML client in the split deployment scenario
To enable this
1 Install the server onto two machines
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ located instance set the DynamicServerAddress in
WebAppSettingsconfig to
ltadd key=DynamicServerAddress value=False gt
4 In the DMZ located instance set all URL references in the webconfig
From httpdemopanopticoncomsungardappserver
To Required URL for internal server as accessed by DMZ server
When using Tomcat the Java server supports split server deployment in a similar way to
supporting network address translation but instead of deploying the two WAR files on a single machine they are now deployed on separate machines
To enable this configuration
1 Install the internal Java server as normal
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
55
2 Confirm the URL for the internal server as accessed by the DMZ server
3 In the DMZ server install the panopticondmz WAR file
This deployed WAR file needs a separate configuraton file panopticondmzxml in the
confCatalinalocalhost folder of the DMZ server
With the following contents
ltxml version=10 encoding=UTF-8gt
ltContext antiJARLocking=true path=panopticonexgt
ltEnvironment name=PanopticonExAppData
override=false
type=javalangString
value=Cpanopticonexappdata gt
ltEnvironment name=ExServices
override=false
type=javalangString
value=[Internal Server URL] gt
ltContextgt
In this file the EXServices environment variable is set to point to the internal instance
External users would then access the DMZ instance which would direct traffic to the local instance
Basic Authentication
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
56
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Active Directory Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssoadAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the
following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
57
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
SAML Integration
Edit panopticondmzWEB-INFwebxml
For the filters listed below make sure that filter class (ltfilter-classgt) value is set
to companopticonssosamlAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter
value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit the application configuration file panopticondmzxml
Add the following parameters to the context
ltEnvironment name=SAMLUserNameAttribute override=false type=javalangString value=urnoid0923421920030010011gt ltEnvironment name=SAMLUserGroupAttribute override=false type=javalangString value=urnoid13614159231111gt ltEnvironment name=SAMLSpProviderId override=false type=javalangString value=httpexamplecommetadata gt ltEnvironment name=SAMLIdpSsoUrl override=false type=javalangString value=httpexamplecomSSOServicegt ltEnvironment name=SAMLAscUrl override=false type=javalangString value=httpmywebsitecom gt ltEnvironment name=SAMLLogoutUrl override=false type=javalangString value=httpexamplecomlogout gt
where
SAMLUserNameAttribute - SAML attribute that exposes the user name
SAMLUserGroupAttribute - SAML attribute that exposes the user groups
SAMLSpProviderId - the Id of the Identity Provider (as exposed by Identity Provider
metadata)
SAMLIdpSsoUrl - the sso http-redirect endpoint of the identity provider
SAMLAscUrl - the Assertion Consumer Service URL Leave empty if not used
SAMLLogoutUrl - the Identity Provider logout URL Leave empty if not used
Edit panopticonexWEB-INFwebxml
Comment out all the ltsecurity-constraintgt sections
Comment out ltlogin-configgt section
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
58
Comment out ltsecurity-rolegt section
Uncomment filters (ltfiltergt) and filter mappings (ltfilter-mappinggt) with the following names (ltfilter-namegt)
SecurityFilter_DMZ
RequestWrapper
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
For the filters listed below make sure that filter class (ltfilter-classgt) value is set to companopticonssobasicAuthFilter
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Edit roles with which users should have access to application by changing parameter value (ltparam-valuegt) with parameter name (ltparam-namegt) role for the filters
(ltfiltergt) listed below
SecurityFilter_Authenticated
SecurityFilter_Authenticated_SSL
Unzip the supplied JARS from the custom-samlzip into the Tomcat lib Folder
This includes bcprov-ext-jdk15on-150jar guava-150jar joda-time-
23jar opensaml-261jar openws-151jar slf4j-api-172jar
xmlsec-155jar xmltooling-131jar
Restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
59
Resources for Testing and Diagnostics of Datawatch Server - Visualization Edition are delivered with the installation package
In case of any unexpected result when directing your browser to the URL of your installed
Datawatch Server - Visualization Edition (for example httplocalhostpanopticonex
) then check basic functionality and access by viewing the diagnostic test pages published
under the panopticonextest folder
IMPORTANT If you get a HTTP 403 error message when accessing the test page URL (For example httplocalhostpanopticonextest ) it indicates that your IIS does not
have the document name defaulthtm listed among the Default Documents for the test folder
Solve this by either editing the Default Documents list of the test folder in the IIS management console or specify the default page manually as part of the URL For example
httplocalhostpanopticonextestdefaulthtm
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
60
Issues are investigated and resolved through investigation and controlled reproduction A number of known issues are included in the next section and predominately relate to problematic installations of the MS NET Framework and incorrect permissioning
If you experience an unknown issue send complete details to supportdatawatchcom
Be sure to send this important information to Datawatch Support in the event of a problem
This file is located under the Server installation path within the App_Data folder
For example cinetpubwwwrootpanopticonexApp_DataLogtxt
The level of detail for this log file is configured at the bottom of the
WebAppSettingsconfig By default it is set to Error while the most verbose is Info
Include your Desktop Designer Workbook amp associated data sources if the issue is specific to a particular Workbook
When using Tomcat 8 edit confloggingproperties file to display the package classor
method names in the log file instead of having a ldquonullrdquo value
Steps
1 Stop the Tomcat service
2 Open the file confloggingproperties
3 Change all instances of AsyncFileHandler to FileHandler
4 Save the updated file and restart Tomcat
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
61
Installation of Server can proceed only after MS NET Framework 4 is installed The Datawatch Server ndash Visualization Edition also requires Microsoft Internet Information Services (MS IIS)
If you attempt to install Datawatch Server ndash Visualization Edition without MS IIS you will see the following message
Click OK and then Close to get this dialog
If MS IIS is installed after the NET Framework is installed the NET Framework will not be correctly registered with the IIS web server
This will create an error in the Datawatch Server ndash Visualization Edition installation
Click Close
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
62
To resolve this issue
Execute the supplied Batch file Register_NET_With_IISbat
Manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv4030319
3 Run aspnet_regiis ndashi
This configures the web server with ASPNET
For 64-bit instances of Datawatch Server ndash Visualization Edition the following manual steps should be completed
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFramework64v4030319
3 Run aspnet_regiis ndashi
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
63
After installation you can access Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if the application pool is not set to use NET 4
To change the Application Pool to NET 4
1 Open the IIS Manager and select panopticonex
2 Right click and select Manage Application gt Advanced Settings from the popup
context menu
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
64
The currently utilized application pool is listed
3 Now click on Application Pools from within the IIS Manager
4 Select the currently utilized application pool right-click and select Advanced Settings from the context menu
5 Change the NET Framework Version to v40 and click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
65
After installation you can access the Datawatch Server ndash Visualization Edition for NET with this URL
httplocalhostpanopticonex
However you will see the following screen if Windows Authentication has not been enabled
To enable Windows Authentication with MS IIS v7 or later
Select the folder and display authentication properties by clicking the Authentication icon
If configured correctly the server will display the following screen
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
66
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
67
The addition of a Datawatch Server ndash Visualization Edition for NET license will fail as shown if the folder permissions have not been set correctly
The web server folder called panopticonex must have Modify permissions for the ASPNET user account
IMPORTANT The web server folder called panopticonex must also have Modify permissions for the Network Service group
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
68
The server will show a faulted state if the permissions on the Windows temporary folder are set incorrectly
If the error ldquoSystemServiceModelChannelFactory cannot be used for communication because it is in a Faulted staterdquo occurs when accessing
httplocalhostpanopticonex
Then access the web service URL directly For example
httplocalhostpanopticonexpanopticonserversvc
This page returning with the ldquoUnable to generate a temporary classrdquo message confirms that the issue is related to incorrect permissioning on the Windows temporary folder This prevents the NET framework operating correctly
The Windows Temp folder must have Modify permissions for the ASPNET user account
See the File Permissions section above for more details
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
69
This error is due to over restrictive MS IIS configuration settings that prevent changes to the IIS configuration
The problem is detailed at length in the Microsoft Knowledge Base article 267904 which is highlighted in the error message
For example
httpsupportmicrosoftcomkbid=267904
The resolution for this error is listed at the bottom of the knowledge base article and involves updating the permissions on the IIS metabase
This is achieved through
1 Open a command prompt
2 Run cd WINDIRMicrosoftNETFrameworkv2050727
3 Run aspnet_regiisexe ga [useraccount for IIS]
For example aspnet_regiisexe ga aspnet
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
70
This error is due to an incorrect installation of the NET Framework
You must re-install the Windows Communication Foundation (WCF) to correct this error
To resolve this issue in windows versions excluding Windows 8 either execute the following batch file supplied with the Datawatch Server - Visualization Edition installation package
(Register_WCFbat) or manually perform the following steps
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFrameworkv30Windows Communication
Foundation
3 Run ServiceModelReg -r
This re-installs the WCF Enter Y to confirm installation at the Are You Sure prompt
For 64-bit instances of the Server ndash Visualization Edition
1 Open a command prompt
2 Run cd WINDIRMicrosoftNetFramework64v30Windows Communication
Foundation
3 Run ServiceModelReg ndashr
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
71
In Windows 8 ensure that WCF Services are enabled
eg Through Control Panel gt Programs and Features gt Turn Windows features on or off
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
72
If you access the server by a fully qualified domain name (FQDN) such as for example
httpdashboardcontosocompanopticonex and get a 401 error message when
submitting a valid username and password it is an indication that you may have a problem caused by a security feature of Microsoft Internet Information Server called Loopback Check
The problem occurs as follows
When logging in to Server ndash Visualization Edition the user is authenticated by the IIS for access to the ASPX-pages of the Server ndash Visualization Edition web application The protected ASPX-pages in turn pass on authentication credentials to the Server ndash Visualization Edition web service - but fail due to the Loopback Check of the MS IIS
This problem can occur when the following criteria are met It may also apply in other situations
You access the server by a FQDN surfing either locally from the server itself or from a
different machine on the internal network or from an external IP-address
You are running the desktop operating system MS Windows XP SP2 or later or the server operating system MS Windows Server 2003 SP1 or later
You are running Microsoft Internet Information Server (MS IIS) 51 or later
The error message is any 401-type of message either 4011 or 4012 substatus code Potentially other substatus codes could also occur
You can successfully reach Protectedaspx when accessing the server by local machine
name or internal IP-number
The following test page of Server ndash Visualization Edition can help you investigate this matter
httpSUBDOMAINTOPpanopticonextestAuthenticationTestaspx
where you replace SUBDOMAINTOP with your own domain information
For information on how to remediate this problem please consult the following Microsoft Knowledgebase article httpsupportmicrosoftcomkb896861
As of December 2011 Microsoft recommends this solution
1 Set the DisableStrictNameChecking registry entry to 1 For more information about
how to do this click the following article number to view the article in the Microsoft
Knowledge Base
281308 ndash Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2 Click Start click Run type regedit and then click OK
3 In Registry Editor locate and then click the following registry key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0
4 Right-click MSV1_0 point to New and then click Multi-String Value
5 Type BackConnectionHostNames and then press ENTER
6 Right-click BackConnectionHostNames and then click Modify
7 In the Value data box type the host name or the host names for the sites that are on the local computer and then click OK
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
73
8 Quit Registry Editor and then restart the IISAdmin service
This error is typically due to the Server ndash Visualization Edition for NET 32-bit using a 64-bit
NET Application Pool and a workbook is requesting data from a 32-bit data plugin Consequently the Server for NET is unable to access data plugins that are only available to 32-bit processes
To resolve this issue on IIS7+
1 From within the IIS Manager select the application pool which is running the Datawatch
Server - Visualization Edition and click Advanced Settings
2 In the Advanced Settings dialog set the Enable 32-Bit Applications option to True (find
this option in the General section)
On IIS 60 (for example on Windows Server 2003) the whole of IIS must be set to a 32-bit mode
To enable IIS 60 to run 32-bit applications please consult the Microsoft IIS documentation entitled Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 60)
Alternatively
1 Open a command prompt and navigate to the systemdriveInetpubAdminScripts directory
2 Type the following command
cscriptexe adsutilvbs set W3SVCAppPoolsEnable32BitAppOnWin64
ldquotruerdquo
3 Press ENTER
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
74
If the data is too big an out of memory exception may occur You may increase the memory for the Java server in Tomcat
To resolve out of memory exception
1 Stop the Tomcat service
2 Click the Show Hidden Action on the bottom right of your desktop to display the
Apache Tomcat icon
3 Right-click and select Configure The Apache Tomcat Properties dialog is displayed
4 Select the Java tab
5 Set the Initial memory pool to 1GB
6 Set the Maximum memory pool to 2GB
7 Click OK
8 Restart the Tomcat service to apply the changes
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-
Datawatch Server - Visualization Edition 126 Installation amp Troubleshooting Guide
copy2015 Datawatch Corporation Datawatch Desktop Datawatch Desktop Designer and Datawatch Server ndash Visualization Edition are trademarks of Datawatch Corporation All other trademarks or registered trademarks are properties of their respective owners
- [1] Overview
-
- Installation Packages
- Datawatch Server - Visualization Editions
- Licensing
- System Requirements
-
- For NET Edition
- For Java Edition
-
- [2] Installation of Datawatch Server ndash Visualization Edition for NET
-
- Setting up prerequisites
- Installing Datawatch Server ndash Visualization Edition for NET
- NET Data Connectors Third Party Software Installation
-
- StreamBase 71
- StreamBase LiveView 15
- SAP Sybase ESP and JMS
- OneTick
- Thomson Reuters TREP-RT
- IBM Cognos TM1
- Perfmon
- Other Connectors
-
- Datawatch Server - Visualization Edition for NET MS IIS Configuration
-
- File Permissions
- MS IIS Web Server Authentication Schemes
-
- MS IIS ndash Application Pool Settings
-
- Connecting to 32-bit Data Sources on a 64-bit Edition of Windows
- Application Pool Idle Time Out and Recycle Settings
- Application Pool Identity Settings
-
- Oracle ODBC OLEDB Driver Configuration for MS IIS Deployments
-
- [3] Installation of Datawatch Server ndash Visualization Edition for Java
-
- Addition of Metro to Tomcat
- Installing Datawatch Server - Visualization Edition for Java on Tomcat
-
- Configuring Java server Logs
- Increase Java Heap size for Tomcat
-
- Java Data Connectors ndash Third Party Software Installation
-
- [4] Server Caches amp Configuration
-
- NET Server
- Java Server
- R and Python Transform Support
-
- R Integration
- Python Integration
-
- [5] Running Datawatch Server ndash Visualization Edition for the First Time
-
- For the NET Edition
- For the Java Edition
- Datawatch Server ndash Visualization Edition for NET - Optional Post-Installation Clean-up of Test Files
-
- [6] Upgrading
-
- Upgrading Datawatch Server - Visualization Edition for NET
-
- Upgrading
- Uninstalling and Re-Installing
-
- Upgrading Datawatch Server - Visualization Edition for Java
-
- [7] Advanced Server Deployments
-
- Usage in SSL Enabled Environments
- Network Address Translation
-
- NET Server
- Java Server
-
- Reverse Proxy Server Usage
-
- SSL Off-Loading to the Reverse Proxy
-
- Forms Based Authentication
- Single Sign On (SSO)
-
- NET SSO
- Java SSO
-
- Datawatch Server ndash Visualization Edition for Java - Active Directory Integration
- Split Server DMZ Deployment
-
- Split NET Deployment
- Split Java Deployment
-
- Basic Authentication
- Active Directory Integration
- SAML Integration
-
- [8] Troubleshooting
-
- Files for Testing and Diagnostics
- Resolving Installation Issues
-
- Server Log
-
- Log Variables Displayed as ldquonullrdquo
-
- [9] Known Issues
-
- Datawatch Server - Visualization Edition Will Not Install
- Server Error HTTP Error 50019 Interval Server Error
- The Requested Service Could Not Be Activated
- Server Error on License Addition
- Faulted State ndash Server Error ndash Unable to Generate a Temporary Class
- Server Error ndash Failed to Access IIS Metabase
- There Was No Endpoint Listening
- HTTP 401 type error message (Unauthorized) when logging in
- Unable to load data Unable to load plugin with iD
- Out of Memory Exception
-