on 04-16-2015 6:23 PM
Hello,
here is a problem we encounter with TREX indexing portal KM repositories.
A) Dev System works fine, for example:
1. Indexing is triggered by "Redindexing" a queue
2. The queue starts working, the TREX monitor shows documents process across the several states (e.g. preprocessing) etc.
3. you can see from the portal log that the user index_service accesses the portal to retrieve content:
LOGIN.OK
User: index_service
IP Address: xxx.xx.xx.xx
Authentication Stack: ticket
Authentication Stack Properties:
logon_policy = default
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok true true
[...]
#10 ume.configuration.active = true
2. com.sap.security.core.server.jaas.SPNegoLoginModule OPTIONAL ok true
3. com.sap.security.core.server.jaas.CreateTicketLoginModule SUFFICIENT ok false
4. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok true
5. com.sap.security.core.server.jaas.CreateTicketLoginModule REQUISITE ok false
Central Checks true
Logon policies are disabled
As you can see the EvaluateTicketLoginModule is successful for user index_service
B) Production System does not work
1. Indexing is triggered by "Redindexing" a queue
2. The queue starts working, the TREX monitor shows all documents size > 10 KByte fail in state "Preprocessing failed" / 401 unauthorized
3. The log on the TREX server shows that the crawler wants to access a certain KM document for content retrieval (with a correct access URL)
4. you can see from the portal log that the user index_service is not able to log on the portal to retrieve content:
User: N/A
IP Address: xxx.xx.xx.xx
Authentication Stack: ticket
Authentication Stack Properties:
logon_policy = default
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule SUFFICIENT ok exception true Received no SAP Authentication Assertion Ticket.
[...]
2. com.sap.security.core.server.jaas.SPNegoLoginModule OPTIONAL ok exception true SPNego authentication has failed during previous attempt.
3. com.sap.security.core.server.jaas.CreateTicketLoginModule SUFFICIENT ok false true
4. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok false false
5. com.sap.security.core.server.jaas.CreateTicketLoginModule REQUISITE ok false true
No logon policy was applied
As you can see the error message during logon is "Recieved no SAP Authenticatino Assertion Ticket".
Of course we THINK that configuration of both systems is the same. But obviously this is not the case.
So Question:
What can cause the fact, that in case B) no assertion ticket is present at the requests from TREX?
What kind of configuration or difference can be the reason?
Best regards
Ingo
Hi Ingo,
I would normally expect to see 401 unauthorized errors being returned in relation to the indexing of KM Content if the alternative host has not been configured in the URL Generator Service (System Admin > System Configuration > KM > CM > Global Services). It should be configured as outlined in the following documentation -
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Cathal for your recommendation. I double checked the alternative host in KMC Configuration. It is set to the correct hostname of the portal system.
Unfortunately I am not able to open the link you have provided (it's SAP internal only). Is this content also available for public? Or could you provide the most important facts here?
Best regards
Ingo
Hi Mikhail,
this is a TREX 7.0.06.0 on Windows 2003.
The TREX Log says:
[26604] 2015-04-27 15:04:31.205 e preprocessor Preprocessor.cpp(00891) :
HTTPHEAD failed for URL http://s*********p:50000/irj/go/km/docs/MarketingDokumente_Neu/MarketingPR/Metal%20Components/Produk... with Httpstatus 401
[26604] 2015-04-16 14:58:31.205 e preprocessor Preprocessor.cpp(03454) : HANDLE: DISPATCH - Processing Document with key '/MarketingDokumente_Neu/MarketingPR/Metal Components/Alu-Grauguss/Produktfotos/GG_GGG/GG_011.jpg' failed, returning PREPROCESSOR_ACTIVITY_ERROR (Code 6401)
Does this mean anything to you?
Best regards
Ingo
Hi Ingo,
I'm very surprised to see so old version of TREX installed on your system . As I remember the
REV 06 was a pilot version of the TREX 7.00 and supposed to be replaced by the Revision 25 as soon as this was released in 2006 . Anyway this version is extremly old (more than 9 years) now and need to be updated. As I remember we have had some issues with the updating of the topology file in TREX with the ticket information generated by KM/Portal.
Unfortunately an update to the newest TREX 700 REV 51 isn't possible , so you need to
uninstall TREX instance and install either TREX 700 REV 51 or TREX 710 REV 64 . The TREX 710 is 64 bit application , so most likely you can not install this on the same host where TREX 700 is currently running . However the Windows 2003 will be out of support starting 14.07.2015 .Is there a schedule plan by you to migrate to Win 2008/2012?
Best regards,
Mikhail
Hm, you are right. The TREX console shows
Install Time: 2006-08-18
Nevertheless we have three systems running perfectly fine with this server
1. Portal 7.0 Dev
2. Portal 7.0 Prod
3. Portal 7.4 Dev
and only one system not working for files > 10 KByte
4. Portal 7.4 Prod
Having this in mind we would of course prefer to make the no. 4. running just like the no. 3 does already.
Best regards
Ingo
Hi Ingo,
all documents under 10 KB are sent to TREX as content directly , so we don't need to resolve URLs . NW 740 need TREX 710 and can not be usually connected to TREX 700.
I would like to recommend to update all existing TREX instances to 710 REV 64 . For the EP/KMC 700 is the TREX 700 still fine , however TREX 710 is recommended due to best stability and performance.
Best regards,
Mikhail
Hello Ingo,
Mikhail is right about the different way of indexing depending of the size of the file. We had a similar issue few years ago (an error code 6403 ("HTTP Status Code 403: Forbidden") with status
PReparation failed) with file > 10kb.
We solved it by addin the index_service user and password to the pre-processor.ini file.
Perhaps, check your TREX conf in this way, as you have the (logon,psw) login module it could work.
Olivier
User | Count |
---|---|
87 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.