Skip to Content
0

Timeout error with BO Explorer 4.2 in BI launchpad with BO4.2 SP03

Apr 14, 2017 at 04:01 PM

669

avatar image
Former Member

Hello,

Our users are receiving a timeout error message in Infospace while in the BOE Launchpad. Our BOE timeout setting in Tomcat is 20 mins. We disable Explorer timeout = -1. Through testing and monitoring CMC session, we see that two sessions are created: BOE and Explorer.

One result we see during testing between 10-20 mins the BOE session is killed and Explorer session remain; users get the invalid logon token error message.

Second result we see during testing between 10-20 mins the Explorer session is killed and BOE session remain, however we still are able to perform exploration. After 40-60 mins we get the invalid logon token error message and we see that the BOE session is killed.

We get different results every time we time and cannot pinpoint the problem. Can someone shed light on why all sessions aren't killed after the 20 min timeout set in BOE (web.xml)?

Thank you ahead!

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

7 Answers

Best Answer
avatar image
Former Member Apr 21, 2017 at 10:28 PM
1

Thank you all for your help!!

We did open the case with SAP unfortunatly the employee working on the case is out till Monday...

Good news is if found the solution and fixed the problem.

The problem was in BO session management. Every time we login in BI Launchpad via SSO BO created AD session called BI Launchpad Session and when we open explorer it created another AD session called Explorer session. So we end up with 2 session doing the same job. After sometime BO session failover knocked out BI Launchpad session... and that is where the problem was.

After some investigation I figured out that as part of exploration servers default services Explorer was forced to SSO in and create a new AD Session every time we open Explorer infospace. To make long story short the fix was to disable SSO for explorer and since we access Explorer via BI Launchpad explorer utilize BI Launchpad session... and we end up with one session "BI Launchpad". I test the system multiple times for more than 90 minutes everything is working as it should.

Happy Friday everyone and Thank you all for your support,

Waleed

Show 1 Share
10 |10000 characters needed characters left characters exceeded
Former Member

By disabling Explorer SSO and changing explorer's session timeout to 2mins we ensure that users' sessions are killed in 2mins if they close IE browser,

0
Jawahar Konduru Apr 17, 2017 at 12:45 PM
1

session cleanup is much improved in later versions of BI 4.1 sp6 and above.

Check this blog, how the sessions will be cleared.

https://blogs.sap.com/2013/11/27/session-management-bible/

Share
10 |10000 characters needed characters left characters exceeded
Denis Konovalov
Apr 14, 2017 at 06:14 PM
0

when you use explorer in bilaunchpad you use 2 webapps, one is BOE and another is explorer. Intricacy of session handling between 2 webapps is what produces this behavior.
No idea on how to correct it.

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member Apr 17, 2017 at 03:38 PM
0

@Jawahar - We reviewed the Session Management Bible article however it still does not resolve our issue. Users still received the "invalid secure token" error 8-10 mins into their initial log in. However once users logged out and log back in, they are able to explore the IS for 30-70 mins until their BOE session is killed, weather their explorer session is active or not (we disable explorer timeout as stated in the initial post). Seems like BOE session is the primary session driver, once BOE session is killed by Tomcat? or CMS? even if users has an explorer session alive - Explorer display the "invalid secure token" message.

Is there something in the background either from Tomcat, CMS, or etc that keeps alive a session after 20mins, however logs the users back in silently as describe in the Session Management Bible article?

We found additional configuration parameters: Watchdog and Workload delay in the BO Explorer Admin Guide 4.2. The guide recommended we set watchdog parameters to be higher than http session (default 20 mins); Workload.update.delay parameters to be less than Watchdog.

In ExplorerMasterServer Command Line Parameters we set -Watchdog.time 1500000 (milliseconds = 25 mins); -Workload.update.delay 15000 (.25 min) . We restarted tomcat and BO node.

Any further guide would be appreciated, weather is we are "over" configuring our session time or we are on or off the right track.


Thank you ahead

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member Apr 17, 2017 at 07:28 PM
0

Update: We had 3 users logged in with 5 new session each (30 session total (BOE +Explorer) ) at different time, i.e. User1 logged in 1:35PM; User2 logged in 1:40PM; User3 logged in 1:45PM. Around 2:11PM all of our Explorer sessions are killed and BOE is the only session remains. This is confirmed via CMC - Session and users were still able to explore the IS. Around 2:25PM all of the user's BOE sessions were killed and users were not able to explore the IS; they received " Not a valid logon token (FWB 00003)" . However they were still logon into BOE; could travse through the folders and run a webi report; tried relaunching an IS but received the same error message.

This is puzzling because all users' BOE and Explorer sessions were killed together but at different point in time, which lead us to consider it's a server side configuration.

Could it be something that we need to configure, change value to false or true for secure token parameters?, in "BO install directory"/tomcat/webapps/BOE/WEB-INF/config/default/"XXXXX"?

What BO or Tomcat service or function kills or clean old client sessions?

Thank you ahead.

Share
10 |10000 characters needed characters left characters exceeded
Megh Vora Apr 18, 2017 at 12:35 PM
0

Hi Trieu,


What is the result for below scenarios?

1. Access Explorer URL within BI Launchpad

2. Accessing Explorer URL directly without BI Launchpad.

3. Are your users using SSO to login to BI Launchpad/Explorer? If yes, please ask them to test without SSO. Let me know if sessions behave as expected when users login without SSO.

4. What is the behavior with default Administrator user?

5. Since when did you start facing this problem. Did this start after an upgrade?

6. Is Load Balancer used? If yes test without load balancer.


Thanks,

Megh

Show 2 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Here is the result:

  1. Accessing Explorer via BI Launchpad
  2. Not accessing Explorer directly
  3. Yes, we are testing via SSO. I disabled the ad account and login with username and password. I was able to keep drilling for 90 minutes. After 90 minutes I logout. This is based on single test. Group test will be done tomorrow.
  4. Not able to SSO with Administrator assumption is it will work same as #3 in this list.
  5. It is Clean Install
  6. No load Balancer used

Many many thanks Megh, Denis, and Jawahar looking forward to hear back from you guys!!!

Waleed

0

Waleed,

I suggest you to open an incident with SAP Support under BI-BIP-ADM component.

I have seen similar kind of incident on BI 4.2 SP3 with Explorer sessions opened with us for troubleshooting and so it is worth opening an incident.

Thanks,

Megh

0
avatar image
Former Member May 03, 2017 at 03:35 PM
0

We disable SSO for explorer; cleared tomcat cache, however BOE session does not timeout after 20 mins of inactivity; waited 60 mins and 80mins of inactivity- users still able to explorer instead of timed out and sessions remain. Thoughts? Do we need to update files?

Show 2 Share
10 |10000 characters needed characters left characters exceeded

What is the value set for logontoken.enabled in BIlaunchpad.properties file? Is it set to true or false. By default it should be set to false to allow sessions timeout on their own.

You can find this file under <install dir>:\Program Files (x86)\SAP BusinessObjects\tomcat\webapps\BOE\WEB-INF\config\default

If the value is set to true then you need to copy the BIlaunchpad.properties to <install dir>:\Program Files (x86)\SAP BusinessObjects\tomcat\webapps\BOE\WEB-INF\config\custom folder and change the value to logontoken.enabled=false.

Clear the cache of Tomcat by renaming the work folder to work_backup and restart the Tomcat. This should be done on all the instances of Tomcat that you may have.

See if this helps!

Thanks,

Megh

0
Former Member

Thanks for your input Megh. We resolved this issue by going one step further by setting the explorer session timeout to 2mins instead of 20mins along with disabling Explorer SSO (only keeping BOE SSO enable). Our users primpary will SSO into the BOE launchpad and access InfoSpaces. By disabling Explorer SSO and changing explorer's session timeout to 2mins we ensure that users' sessions are killed in 2mins if they close IE browser, however if they are in the BOE launchpad, their session will be killed within 20mins without activity because BOE launchpad is the primary session. Hopes this helps people in the future.

Regards

0