Here at BizXcel, we just upgraded our Qlik Sense 1.1 server to Qlik Sense 2.0.1 and had a couple “growing” pains that I want to share and how to work around them. The upgrade to Qlik Sense 2.0 was simple and didn’t produce any errors except that when we logged in the /hub no applications where visible to any users. After reviewing the Apps section of the QMC, I noticed that all of our applications had a Migration status of ‘Unknown’. This got to me to thinking that any Qlik Sense 1.1 applications had to undergo an upgrade from 1.1 to 2.0 as well. After looking around, I was able to find migrations logs located at ‘C:\ProgramData\Qlik\Sense\Log\AppMigration’ in a default install. Once I opened the logs I found the following message.
Logger Severity Date MicroSeconds Message
17b3e342-7d61-4abd-ab07-0fc9c51e3c94 INFO 2015-07-02T17:04:18.038Z 576059360.5 Initial state set to 'Migration pending'
17b3e342-7d61-4abd-ab07-0fc9c51e3c94 INFO 2015-07-02T17:04:18.040Z 576061226 Transitioned state from 'Migration pending' to 'Migration in progress'
17b3e342-7d61-4abd-ab07-0fc9c51e3c94 WARN 2015-07-02T17:04:18.256Z 576277020.1 Migration failed: Hostname/IP doesn't match certificate's altnames: Error: Hostname/IP doesn't match certificate's altnames\n at SecurePair.<anonymous> (tls.js:1389:23)\n at SecurePair.emit (events.js:92:17)\n at SecurePair.maybeInitFinished (tls.js:979:10)\n at CleartextStream.read [as _read] (tls.js:471:13)\n at CleartextStream.Readable.read (_stream_readable.js:340:10)\n at EncryptedStream.write [as _write] (tls.js:368:25)\n at doWrite (_stream_writable.js:225:10)\n at writeOrBuffer (_stream_writable.js:215:5)\n at EncryptedStream.Writable.write (_stream_writable.js:182:11)\n at write (_stream_readable.js:601:24)\nFrom previous event:\n at Function.Promise$Defer (C:\\Program Files\\Qlik\\Sense\\ServiceDispatcher\\Node\\migration-service\\src\\node_modules\\bluebird\\js\\main\\promise.js:267:13)\n at new e (C:\\Program Files\\Qlik\\Sense\\ServiceDispatcher\\Node\\migration-service\\src\\migrate\\mocks\\deferred.js:1:127)\n at Object.o.rpc (C:\\Program Files\\Qlik\\Sense\\ServiceDispatcher\\Node\\migration-service\\web\\assets\\core\\models\\rpc-session.js:1:2575)\n at o.rpc (C:\\Program Files\\Qlik\\Sense\\ServiceDispatcher\\Node\\migration-service\\web\\assets\\core\\models\\engine.js:1:2297)\n at o [as openDoc] (C:\\Program Files\\Qlik\\Sense\\ServiceDispatcher\\Node\\migration-service\\web\\assets\\core\\models\\engine.js:1:1452)\n at Object._.openApp (C:\\Program Files\\Qlik\\Sense\\ServiceDispatcher\\Node\\migration-service\\web\\assets\\core\\models\\engine.js:1:2706)\n at C:\\Program Files\\Qlik\\Sense\\ServiceDispatcher\\Node\\migration-service\\src\\migrate\\migrate.js:1:959\nFrom previous event:\nFrom previous event:\n at new Promise (C:\\Program Files\\Qlik\\Sense\\ServiceDispatcher\\Node\\migration-service\\src\\node_modules\\bluebird\\js\\main\\promise.js:84:37)
17b3e342-7d61-4abd-ab07-0fc9c51e3c94 INFO 2015-07-02T17:04:18.257Z 576278677.3 Transitioned state from 'Migration in progress' to 'Migration failed'
17b3e342-7d61-4abd-ab07-0fc9c51e3c94 INFO 2015-07-02T17:04:18.258Z 576279473.3 Notifying callback URI
17b3e342-7d61-4abd-ab07-0fc9c51e3c94 WARN 2015-07-02T17:04:18.289Z 576310403.4 Failed to notify callback URI 'https://XXX.XXX.XXX.XXX:4242/qrs/app/17b3e342-7d61-4abd-ab07-0fc9c51e3c9...Hostname/IP doesn't match certificate's altnames
17b3e342-7d61-4abd-ab07-0fc9c51e3c94 INFO 2015-07-02T17:04:18.290Z 576311158.9 Log closed, migration completed
If you look closely at this log, you will see two errors with the same error message “Hostname/IP doesn't match certificate's altnames”. The first error is the invocation of the migration script and the second is the message the migration status back the console.
To fix the problem, you need to make two changes to Qlik Sense 2.0 Migration Service application files. Start by stopping the Qlik Sense Repository Service(with related services Scheduler, Engine and Proxy) and the Qlik Sense Dispatcher.
Promise.js located at C:\Program Files\Qlik\Sense\ServiceDispatcher\Node\Migration-Service\src\node_modules\bluebird\js\main\promise.js. Between lines 84 and 85 the following new line should be inserted ‘process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0;’
The second change is to requests.js in C:\Program Files\Qlik\Sense\ServiceDispatcher\Node\Migration-Service\src\utils\request.js. In this file, you will find ‘rejectUnauthorized: !0,’ change it to be ‘rejectUnauthorized: 0,’.
Once you have completed these two changes, you can start up with Repository, Scheduler, Engine, Proxy and Dispatcher services. Then log into the QMC and go to App, select the application you would like to migrate to 2.0. Once the application is selected, you can press the Migrate button at the bottom of the screen and it should now migrate without any problems.
I believe the issue that we encountered is an issue with how node.js handles self-signed certificates that use IP addresses instead of hostnames. I.e. our Qlik Sense server uses XXX.XXX.XXX.XXX instead of qliksense.bizxcel.com. Reading https://github.com/chilts/awssum/issues/164 gave me the information needed to work around this problem. I do recommend after doing the application migrations that you remove the changes made so that any security issues introduced with the changes are removed from the code going forward.