Introduction
This document explains the basic workflow of BI dashboards developed with Xcelsius
using BI Java and backend ABAP and troubleshooting the specific scenario.
Understanding the dashboard and its components
SAP knowledge base article # 1801130 explains very well how to troubleshoot issues in
BICS Remote Web Service for Xcelsius/Dashboard Designer. Dashboards created with
Xcelsius are accessed generally through BI portal iviews and internally calls BeX WEB to
display the query output.
For e.g
(http://HOST:PORT/irj/servlet/prt/portal//prtroot/pcd!3aportal_content!2f
com.sap.pct!2fplatform_add_ons!2fcom.sap.ip.bi!2fiViews!2fcom.sap.ip.bi.bex?
DASHBOARD=YYD_NI_NGEN_P)
These web queries then extract the data from backend BW system depending on the
selection made at dashboard and returns the output to BI Portal via SSO and RFCs.
The page sends request to portal integration launcher and displays the SWF on portal to
generate the graphs. The SWF (Flash) starts sending the queries to BICS remote web
service with URL link:
(http://<HOST>:<PORT>/BicsRemote/Config1?style=document)
Dashboard issue
Normally, below error occurs intermittently when the dashboard link is accessed.
There are various reasons for this kind of error.
Generally, it indicates the issue between portal and backend BW system
which could be due to SSO issue or something else.
How to troubleshoot dashboard issues
First of all, check default traces in NWA and try to reproduce the issue. If you see
corresponding entries getting updated in the logs, try to find out relevant SAP notes
for the same errors. Another stepwould be to capture HTTP traces using HTTPwatch
or IE developer tools.
HTTP trace or developer tools available in latest IE version (at least observed in IE 9) can be used to identify which component is getting impacted.
These tools give clear picture of all http calls and backend calls which could be helpful in tracing out the issue.
There are various HTTP return codes which we must be aware of to understand the flow and troubleshoot as mentioned below:
2xx | Success | This class of status codes indicates the action requested by the client was received, understood, accepted and processed successfully. |
3xx | Redirection | The client must take additional action to complete the request. |
4xx | Client Error | The client seems to have erred. |
5xx | Server Error | The server failed to fulfill an apparently valid request. |
Some of the possible scenarios experienced are as mentioned below (not for Business objects):
Check the SSO connectivity and certificates between BI ABAP and JAVA. It is helpful to check Java server nodes security logs and ABAP system logs to check the SSO issue.
It is always recommended to keep BI Java patches up to dated. BI Java patch strategy is mentioned in SAP note# 1506722. BI-BASE-S and BIWEBAPPS are compatible with n, n+1 and n+2 SP levels. For e.g. with SP05 Java stack, SP06 and SP07 patch level of BI-BASE-S and BIWEBAPPS is valid.
But all these details should be consulted with SAP support first depending on the type of issues faced.
If the issue is happening at the step when SWF initiates the queries to fetch the data from backend, the possible reason could be to check the compatibility of Adobe SWF with portal. There are many clients involved during this workflow, so the incompatibility could be at various levels like SWF version, IE version etc.
If above tests are failing and to check more in depth, we can check the cookie session details. It could be related to ‘session fixation attack’ and BICS Remote.
The session fixation protection mechanism is enabled by default in 7.11 SP06 and later and all SPs of 7.20 and 7.30
Session fixation attack can occur because of two scenarios as mentioned in note# 1417679. One of the scenarios faced in our case was parallel request fetching the data from backend BI system. In this type, the first request authenticates the user and other parallel requests are with the outdated session cookies and considered malicious with HTTP error code 403.
To fix this behavior, application can be customized to in a way that server accepts the parallel requests with outdated cookies within a grace period.
Disclaimer: The following recommendations must be applied only when the scenario is well investigated
a. Set the "Session Fixation Protection" property to "Grace Period"
(the default value is "Strict")
b. Set the parameter SessionIdRegenerationEnabled to ‘TRUE’ in configtool as
mentioned in note#1310561. It changes the application behavior by inserting
the additional field in session cookies as JSESSIONMARKID. Generally, this value
shouldn’t change for one request when portal request is received back from the
backend server. If it is changing, then possibly, there could be a problem with
application settings.
In case, error# 2032 is received when this parameter is TRUE, this parameter can be
set as FALSE as a workaround. Changing the value to FALSE will disable the additional
JSESSIONMARKID which can sometimes cause additional overhead on the server to
authenticate.
c. Policy domain for the module related to the BICS remote web services also need
to be changed.
References
SAP KBA # 1801130 - How to troubleshoot issues in BICS Remote Web Service for
Xcelsius/Dashboard Designer
SAP Note# 1506722 - Generic Note for BI Java Patches and Support Packages
SAP Note# 1737891 – 730: Changes to policy domain authentication for BICS remote
SAP Note# 1417679 - Session Fixation Attack Detection
SAP Note# 1310561 - SAP J2EE Engine Session Fixation Protection
http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
Abbreviations
NWA – Netweaver Administrator
IE – Internet Explorer
SP – Support Pack
SWF – Shockwave Flash
BI – Business Intelligence
SSO – Single Sign-On
- SAP Managed Tags:
1 Comment
