Skip to Content
Technical Articles
Author's profile photo Noel Scheaffer

Solution: Unable to Export to File System Destination After BusinessObjects BI 4.3 SP02 Patch 4 Upgrade

Update: Based on the comment from Ayman Salem the better solution is to create a  Destination_AllowList.txt file as described in KBA 2477817.


We are on BusinessObjects BI 4.2 SP09 Patch 4 and are in the final stages of preparing to upgrade to BI 4.3 SP02 Patch 8. I realized I had not yet tested saving to the File System as a delivery destination in our test environment so I give it a try. It did not work. I kept getting this error…

destination file error. [CrystalEnterprise.DiskUnmanaged]: [{1}]

I checked the properties of the File System destination within the properties of my AdaptiveJobServer. Everything looked as it should…

Unfortunately, I had not tested this immediately prior to the upgrade in our test environment so I was not sure that it was working before. I could create a file in my the desired network location from the BOBJ server as the same user I was putting in the File System destination settings which was also the same user running the SIA (Server Intelligence Agent). I could send my scheduled report results to the Email or BI Inbox destinations, but not the File System destination. I spent about an hour trying different things, but still no success.

So yesterday I reached out to our SAP Support Provider and I got on the phone with a representative for about a hour checking and trying a bunch of different things with no success. We connected again today and after about 30 minutes of poking around he suggested we replace the DLL corresponding to the File System destination with a copy from another environment. The file in question is dest_CrystalEnterprise_DiskUnmanaged.dll in the <InstallDirectory>\SAP BusinessObjects Enterprise XI 4.0\win64_x64 directory.

I renamed that file in our test system, located it in our production system, and copied it to our test system. Keep in mind our production system is BI 4.2 SP09 Patch 4. Next I restarted the test system  AdaptiveJobServer. It worked!

As an aside, I learned if you have your User Name and Password defined in the File System destination settings of your AdaptiveJobServer you can omit them in your schedule as shown below.

Assigned Tags

      3 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Ayman Salem
      Ayman Salem

      Copying a DLL from an old version/patch is not a good idea and a wrong way to solve the problem. (it should not be suggested in any way)

      for the problem you have after upgrading to 4.3 SP2-P900:

      As of 4.2 SP09 Patch 1100+, 4.3 SP02 Patch 800+ and 4.3 SP03 and higher versions, due to the security vulnerability (CVE-2022-41267), an additional configuration should be made (Destination_AllowList.txt) to allow sending the file to an unmanaged disk to use (destination - file system) and sending without this additional configuration no longer works.

      It is now mandatory to explicitly allow the locations you wish to schedule to

      see KBA 2477817 - Error "CrystalEnterprise.DiskUnmanaged" when scheduling a report to file system after upgrade to 4.2 SP09 Patch 1100, 4.3 SP02 Patch 800, 4.3 SP03

      3239475 - [CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform

      3278876 - Q&A for SAP Security Note 3239475 (CVE-2022-41267)

      Author's profile photo Noel Scheaffer
      Noel Scheaffer
      Blog Post Author

      I appreciate your correction and agree with your assessment that this is not advisable. I have restored the original DLL and implemented the fix in KBA 2477817. I have confirmed that works.

      I do have numerous questions not necessarily for you, but rather for SAP.

      1. How are we supposed to know about this? I searched the Related Info for 4.3 SP02 Patch 800 and could not find anything related this new functionality.
      2. How are we supposed to get the list of paths to which we have scheduled jobs writing and need to be added to this Destination_AllowList.txt file? QueryBuilder is not viable. Maybe I could get something using the CMS database driver and the BI platform CMS system database.unx universe. Fortunately, I have a third-party tool with which I can easily pull this information. Something as essential as this could be exposed within the CMC.
      3. Why do we have some settings available to be set within the CMC and others involve creating and/or editing specific files in specific folders? The allowable destinations could just as well be editable in the File System destination properties of the AdaptiveJobServer in the CMC (see first screen shot in the original question).
      4. The error message in the schedule report result details within the BI Launchpad is given as...

        destination file error. [CrystalEnterprise.DiskUnmanaged]: [{1}]

        When I increased the TraceLog Service Log Level of our AdaptiveJobServer from "Low" to "Medium" I did get this error in the logs...

        (destination_disk.cpp:708) destination_disk: file path not found in the whitelist filter: [path and filename redacted]

        That is helpful and would have pointed us in the direction of the recommend fix. Why not show this in the BI Launchpad?

      Again, thank you for expressing your concern with my solution here. I will update my question to reference KBA 2477817.

      Thank you,

      Noel

       

      Author's profile photo Ayman Salem
      Ayman Salem

      Hallo Noel,

      First of all, it's very important and I recommend that you and all BussinesObjects admins follow the CVE listing notes
      3169036 - BI 4.2 and BI 4.3 - Fixed CVE and Vulnerabilities List

      Also the SAP Patch Day on every 2nd Tuesday of the month.
      https://launchpad.support.sap.com/#/securitynotes
      SAP Security Patch Day 2023
      SAP Security Patch Day 2022
      Acknowledgments to Security Researchers

      for point 3, 4. there are also additional parameters (-whitelist) that you can set in the Adaptive Job Server in the CMC (for versions pre (lower than) 4.2 SP09 Patch 1100, 4.3 SP02 Patch 800 and 4.3 SP03).
      see 1759784 - Fixed Security Risk for Unamanged Disk Overwrite

      this parameter also applies to higher versions.

      so for higher versions you have the option to use ( -whitelist ) and ( Destination_AllowList.txt ).

      I will come to point 2 later.

      For point 2, you can use Query Builder or RESTful (CMS query) to get the target directories

      Query Builder:

       

      RESTful (CMS Query)

      I'm using "REST client for VSCode" here and with a bit of code to get the result (in JSON or XML format) which can be parsed and automatically generate the Destination_AllowList.txt file.

       

      Of course, you can also use CMS DB driver and BI platform CMS system database.unx to get the information from the CMS repository.

      ...

      hope this help.

      Ayman Salem