Technical Articles
Solution: Unable to Export to File System Destination After BusinessObjects BI 4.3 SP02 Patch 4 Upgrade
Update: Based on the comment from Ayman Salem the better solution is to create a Destination_AllowList.txt file as described in KBA 2477817.
We are on BusinessObjects BI 4.2 SP09 Patch 4 and are in the final stages of preparing to upgrade to BI 4.3 SP02 Patch 8. I realized I had not yet tested saving to the File System as a delivery destination in our test environment so I give it a try. It did not work. I kept getting this error…
destination file error. [CrystalEnterprise.DiskUnmanaged]: [{1}]
I checked the properties of the File System destination within the properties of my AdaptiveJobServer. Everything looked as it should…
Unfortunately, I had not tested this immediately prior to the upgrade in our test environment so I was not sure that it was working before. I could create a file in my the desired network location from the BOBJ server as the same user I was putting in the File System destination settings which was also the same user running the SIA (Server Intelligence Agent). I could send my scheduled report results to the Email or BI Inbox destinations, but not the File System destination. I spent about an hour trying different things, but still no success.
So yesterday I reached out to our SAP Support Provider and I got on the phone with a representative for about a hour checking and trying a bunch of different things with no success. We connected again today and after about 30 minutes of poking around he suggested we replace the DLL corresponding to the File System destination with a copy from another environment. The file in question is dest_CrystalEnterprise_DiskUnmanaged.dll in the <InstallDirectory>\SAP BusinessObjects Enterprise XI 4.0\win64_x64 directory.
I renamed that file in our test system, located it in our production system, and copied it to our test system. Keep in mind our production system is BI 4.2 SP09 Patch 4. Next I restarted the test system AdaptiveJobServer. It worked!
As an aside, I learned if you have your User Name and Password defined in the File System destination settings of your AdaptiveJobServer you can omit them in your schedule as shown below.
Copying a DLL from an old version/patch is not a good idea and a wrong way to solve the problem. (it should not be suggested in any way)
for the problem you have after upgrading to 4.3 SP2-P900:
As of 4.2 SP09 Patch 1100+, 4.3 SP02 Patch 800+ and 4.3 SP03 and higher versions, due to the security vulnerability (CVE-2022-41267), an additional configuration should be made (Destination_AllowList.txt) to allow sending the file to an unmanaged disk to use (destination - file system) and sending without this additional configuration no longer works.
It is now mandatory to explicitly allow the locations you wish to schedule to
see KBA 2477817 - Error "CrystalEnterprise.DiskUnmanaged" when scheduling a report to file system after upgrade to 4.2 SP09 Patch 1100, 4.3 SP02 Patch 800, 4.3 SP03
3239475 - [CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform
3278876 - Q&A for SAP Security Note 3239475 (CVE-2022-41267)
I appreciate your correction and agree with your assessment that this is not advisable. I have restored the original DLL and implemented the fix in KBA 2477817. I have confirmed that works.
I do have numerous questions not necessarily for you, but rather for SAP.
When I increased the TraceLog Service Log Level of our AdaptiveJobServer from "Low" to "Medium" I did get this error in the logs...
That is helpful and would have pointed us in the direction of the recommend fix. Why not show this in the BI Launchpad?
Again, thank you for expressing your concern with my solution here. I will update my question to reference KBA 2477817.
Thank you,
Noel
Hallo Noel,
First of all, it's very important and I recommend that you and all BussinesObjects admins follow the CVE listing notes
3169036 - BI 4.2 and BI 4.3 - Fixed CVE and Vulnerabilities List
Also the SAP Patch Day on every 2nd Tuesday of the month.
https://launchpad.support.sap.com/#/securitynotes
SAP Security Patch Day 2023
SAP Security Patch Day 2022
Acknowledgments to Security Researchers
for point 3, 4. there are also additional parameters (-whitelist) that you can set in the Adaptive Job Server in the CMC (for versions pre (lower than) 4.2 SP09 Patch 1100, 4.3 SP02 Patch 800 and 4.3 SP03).
see 1759784 - Fixed Security Risk for Unamanged Disk Overwrite
this parameter also applies to higher versions.
so for higher versions you have the option to use ( -whitelist ) and ( Destination_AllowList.txt ).
I will come to point 2 later.
For point 2, you can use Query Builder or RESTful (CMS query) to get the target directories
Query Builder:
RESTful (CMS Query)
I'm using "REST client for VSCode" here and with a bit of code to get the result (in JSON or XML format) which can be parsed and automatically generate the Destination_AllowList.txt file.
Of course, you can also use CMS DB driver and BI platform CMS system database.unx to get the information from the CMS repository.
...
hope this help.
Ayman Salem