Page 1 of 1

Using old clients with new planning analytics server

Posted: Tue Feb 20, 2018 1:52 pm
by Analytics123
Hi we are having client 10.1 and planning to connect with new planning analytics server . is this compatible and possible to use the old client with the new server . If anyone has achieved this please let us know .

Thanks,
Admin : see the linked post in this thread for the important post in this thread http://www.tm1forum.com/viewtopic.php?f ... 785#p68776

Re: Using old clients with new planning analytics server

Posted: Tue Feb 20, 2018 2:57 pm
by Elessar
Hello! What do you mean by "client"? Architect, Perspectives, CAFE, Perf. Modeler, Cognos Insight?

Usually, you can connect using old clients to new server, but you should turn ON supportpretlsv12clients parameter in tm1s.cfg: http://www-01.ibm.com/support/docview.w ... wg27048181

Re: Using old clients with new planning analytics server

Posted: Tue Feb 20, 2018 3:23 pm
by Analytics123
Yes we want architecture to connect . We are in 10.1 and trying to connect to IBM Planning Analytics .

I have added the entry in the config file
SupportPreTLSv12Clients=T and restarted the server .

But the server shows up but we could not login to it .

Re: Using old clients with new planning analytics server

Posted: Tue Feb 20, 2018 3:50 pm
by Elessar
What do you mean by "could not login"? The login window did not appear? Are there any errors?

Re: Using old clients with new planning analytics server

Posted: Tue Feb 20, 2018 4:02 pm
by Analytics123
we see the server on double clicking on the server nothing happens, Will not show me the login credentials to enter or log me in through integrated login . But it works with the new client .

I alos have additional parameter IPAddress= T
SupportPreTLSv12Clients=T

in the config files.

Re: Using old clients with new planning analytics server

Posted: Wed Feb 21, 2018 6:31 am
by ykud
I think PAL and TM1 10.x use different security certificates, can you check the versions / sizes of applix.ca file in bin64/ssl folder for PA and 10.1 client?

Difference in ssl certs would look exactly as you describe (see the server, cannot connect). You can enable the Login logging in tm1 server to see whether there's a SSL handshake issue.

Cheers,
Y

Re: Using old clients with new planning analytics server

Posted: Thu Mar 22, 2018 2:10 pm
by mberson
Having this same experience as well. We often use the older version of Perspectives/Architect to connect to the new and old version of servers during an upgrade project. We opened a ticket with IBM and they stated that Perspectives/Architect 10.1.x and 10.2.x will not be able to connect to PA Local 2.0.x whc.

Haven't looked into the SSL certs yet, but that does make sense.

Any other feedback on this?

Re: Using old clients with new planning analytics server

Posted: Fri Mar 23, 2018 5:34 pm
by qml
We have a PAL 2.0.4 server and our users are using a multitude of Perspective/Architect versions, going back as far as version 9.5.1. Here are the things that need to be done:

1) set the TM1 Admin server to support pre-TLS v1.2 clients via Cognos Configuration

2) add in tm1s.cfg:

Code: Select all

SupportPreTLSv12Clients=T
SSLCertificateID=TM1Server
SSLCertAuthority=ibmtm1.arm
3) copy ibmtm1.arm file from PA2 installed directory to bin/ssl and bin64/ssl folders of Perspectives/Architect installation (or, really, anywhere else on the client machine or a network share accessible from it)

4) change in TM1 Options in Perspectives/Architect:
Certicate Authority: full path to the copied ibmtm1.arm file
CertificateID: TM1Server (case-sensitive)

Re: Using old clients with new planning analytics server

Posted: Sun Mar 25, 2018 12:23 pm
by tomok
qml wrote:
Fri Mar 23, 2018 5:34 pm
We have a PAL 2.0.4 server and our users are using a multitude of Perspective/Architect versions, going back as far as version 9.5.1. Here are the things that need to be done:
1) set the TM1 Admin server to support pre-TLS v1.2 clients via Cognos Configuration
2) add in tm1s.cfg:
SupportPreTLSv12Clients=T
SSLCertificateID=TM1Server
SSLCertAuthority=ibmtm1.arm
3) copy ibmtm1.arm file from PA2 installed directory to bin/ssl and bin64/ssl folders of Perspectives/Architect installation (or, really, anywhere else on the client machine or a network share accessible from it)
4) change in TM1 Options in Perspectives/Architect:
Certicate Authority: full path to the copied ibmtm1.arm file
CertificateID: TM1Server (case-sensitive)
Can I recommend we put this post in the Tips and Tricks section? Great info, thanks.

Re: Using old clients with new planning analytics server

Posted: Sun Mar 25, 2018 10:50 pm
by macsir
qml wrote:
Fri Mar 23, 2018 5:34 pm
We have a PAL 2.0.4 server and our users are using a multitude of Perspective/Architect versions, going back as far as version 9.5.1. Here are the things that need to be done:
1) set the TM1 Admin server to support pre-TLS v1.2 clients via Cognos Configuration
2) add in tm1s.cfg:
SupportPreTLSv12Clients=T
SSLCertificateID=TM1Server
SSLCertAuthority=ibmtm1.arm
3) copy ibmtm1.arm file from PA2 installed directory to bin/ssl and bin64/ssl folders of Perspectives/Architect installation (or, really, anywhere else on the client machine or a network share accessible from it)
4) change in TM1 Options in Perspectives/Architect:
Certicate Authority: full path to the copied ibmtm1.arm file
CertificateID: TM1Server (case-sensitive)
Brilliant! Thanks for sharing. I got it working on my current 10.2.2 fp4 client to connect to PA2 server by changing the configurations above. Just need to remember to reboot your admin host after changing in Cognos Configuration.
A quick Q, is there any difference between the old client of V10 and PA client when connecting to PA2 server? Especially from end user point of view?

Re: Using old clients with new planning analytics server

Posted: Mon Mar 26, 2018 12:29 pm
by lotsaram

Re: Using old clients with new planning analytics server

Posted: Tue May 08, 2018 1:29 pm
by Paul Segal
Just in case anyone else goes down the same rabbit hole:

Step 3 on Kamil's post implies (or at least it did to me) that you don't need to add the ibmtm1.arm file to the local install \ssl directory. Using 10.2 and 10.2.2 it wouldn't work for me unless that file is in the \ssl directory, no matter which directory I pointed the SSL Certificate Authority to.

Re: Using old clients with new planning analytics server

Posted: Mon May 14, 2018 2:04 pm
by qml
Paul Segal wrote:
Tue May 08, 2018 1:29 pm
Step 3 on Kamil's post implies (or at least it did to me) that you don't need to add the ibmtm1.arm file to the local install \ssl directory. Using 10.2 and 10.2.2 it wouldn't work for me unless that file is in the \ssl directory, no matter which directory I pointed the SSL Certificate Authority to.
Hi Paul, that is interesting. My post was indeed meant to imply that you don't need to put the file in the ssl directory. In newer Windows versions Program Files is locked down and you'd need admin access to put any files in there, which is often not possible. In all my testing simply linking to an external, network share holding ibmtm1.arm worked without having to put the file in the ssl folder.
Can you tell me more about your setup? Is it only Architect/Perspectives? Are you using any VBA or any other custom stuff?

Re: Using old clients with new planning analytics server

Posted: Mon May 14, 2018 2:29 pm
by Paul Segal
Hi Kamil,

The only non-vanilla thing is that this is running on Citrix, and the way this is set up I don't have access to the \ssl directory for the Citrix image to add the imbtm1.arm file. It is only Architect/Perspectives for the moment. I tried it on a local copy of TM1 and I had the same issue. Clients are 10.2 and 10.2.2. The only way I could get this to work was to set UseSSL=F on the server, and then the TM1 server instances are visible and I'm able to log in. If I don't do this, the instances are visible, but I get the hour glass and no login pop-up.