Planning Analytics

Planning Analytics

Get AI-infused integrated business planning

 View Only

  • 1.  PM - Unable to logon to pmpsvc service

    Posted Mon February 14, 2022 03:10 PM
    Edited by System Admin Fri January 20, 2023 04:26 PM

    Hello!

    When trying to open TM1 models in the Performance Modeller I get the error "Unable to logon to pmpsvc service". PAW works fine and all the security seems ok though PAW. Starting and stopping TM1 servers using the PAW admin environment works fine. We are no longer using the old TM1 applications but we still need the PM. The current versions. TM1 Local 2.0.9.11 and PAW 2.0.72. 

    We are using the Cognos security groups but we would like to use only the AD groups for TM1, PM, and PAW if possible. 

    Two questions:

    1. What could be the cause of those errors?
    2. How should we best configure the security in our environment, given the above?

    Symptoms:

    • When starting the PM I get the error message: "Unable to logon to pmpsvc service" 
    • I am not able to open the application configuration: ourdomain:9510/pmpsvc/applications.jsp 
    • When starting a TM1 server using the "IBM Cognos Configuration" I get the following messages
      [Cryptography]
      [ ERROR ] CAM-CRP-1315 Current configuration points to a different Trust Domain than originally configured.
      [ ERROR ] The cryptography information was not generated.

    tm1s.cfg 

    SecurityPackageName=Kerberos
    IntegratedSecurityMode=5
    UseSSL=T
    AdminHost=localhost
    ...
    ServerCAMURI=http://cognos.ourdomain:9300/p2pd/servlet/dispatch
    ClientCAMURI=https://cognos.ourdomain:443/ibmcognos/bi/v1/disp
    ...



    ------------------------------
    Asgeir Thorgeirsson
    ------------------------------
    #PlanningAnalyticswithWatson


  • 2.  RE: PM - Unable to logon to pmpsvc service

    Posted Tue February 15, 2022 04:42 AM
    Hi Asgeir,

    In cognos configuration, is cognos configuration for tm1 what is the tm1 application server gateway URI and external URI pointing to, still 9510? The reason I ask is because if PASS (TM1Web) has been installed on the same server there will be a port conflict unless either TM1 Applications or TM1Web is configured to use a different port.

    You shouldn't be getting the cryptographic errors in cognos configuration, if you are please follow these steps 

    https://www.ibm.com/support/pages/how-regenerate-cryptographic-keys-planning-analytics

    As pmpsvc has to use it's own port/separate to tm1web, in the cognos analytics/bi install there should be some bi_interop files. You'll need to make sure the config files in there point to the TM1 application port when necessary. If it doesn't the URL rewrite will never come back on authentication.

    It could also be the config for TM1 Applications have been incorrectly applied, perhaps configured before CAM security and ports had been setup/changed and therefore may still be using the wrong security details. You can reset these configs via following this link:

    https://www.ibm.com/docs/en/planning-analytics/2.0.0?topic=mypali-restoring-application-configuration-files-in-cognos-tm1-applications

    When the TM1 Applications service has been restarted, and you navigate to the pmpsvc address for the first time you'll prompted to enter some config information, update this as necessary.

    ------------------------------
    Simon Saul
    ------------------------------

    Original Message


  • 3.  RE: PM - Unable to logon to pmpsvc service

    Posted Tue February 15, 2022 05:53 AM
    Hi Simon,
    thanks for the response.

    Yes, the tm1 application server gateway URI and external URI is pointing to 9510. How can I see if TM1Web is configured to use the same port?

    We are not using the TM1Web and I do not know that product. It may however have been installed on the TM1 server. Can I just uninstall TM1Web to resolve possible conflicts?

    ------------------------------
    Asgeir Thorgeirsson
    ------------------------------

    Original Message


  • 4.  RE: PM - Unable to logon to pmpsvc service

    Posted Tue February 15, 2022 06:45 AM
    If the services "IBM Cognos TM1" is running then there isn't a port conflict. Judging by your response TM1Web also now known as Spreadsheet Services hasn't been installed. TM1Web allows you to view your Excel applications without the whole reviewer/approver setup, basically like viewing websheets in perspectives/PAX but in a web browser. In legacy older installations TM1Web and TM1 Applications used to run over the same port but TM1Web was separated from the main install so it could be updated more frequently in alignment with PAW and PAX.

    You'll certainly need to resolve the cryptographic errors and likely need to reset the config for TM1 Applications which I suspect is setup incorrectly. See both URL links I provided for instructions.

    FYI should you want to display your excel applications within PAW in the future, you will need to have TM1Web/Spreadsheet services installed.

    ------------------------------
    Simon Saul
    ------------------------------

    Original Message


  • 5.  RE: PM - Unable to logon to pmpsvc service

    Posted Tue February 15, 2022 06:53 AM
    Also this comment piqued my interest:
    "We are no longer using the old TM1 applications but we still need the PM"

    If your not using TM1 Applications then what are you doing in performance modeler that couldn't be done using Architect or PAW? Setting up TM1 Applications is the only thing I ever need to use performance modeler for nowadays.

    And even if you do use performance modeler, you'll need to access the tm1 applications webpage first ...:9510/pmpsvc to setup the config if not already done

    ------------------------------
    Simon Saul
    ------------------------------

    Original Message


  • 6.  RE: PM - Unable to logon to pmpsvc service

    Posted Tue February 15, 2022 07:07 AM
    You read my thoughts, Simon
    Everything is working fine except for PM which we need for the maintenance of some PM links in older models. Also, we use PM for some editing that is not available yet in PAW like adding or deleting dimensions in a cube, copying objects, etc. We have until now not used the Architect mutch. Until we have rewritten all our PM links, the PM is needed.

    From your input in this discussion, I understand that there is no way around using the old application config for the PM to work. Is this correct?

    ------------------------------
    Asgeir Thorgeirsson
    ------------------------------

    Original Message


  • 7.  RE: PM - Unable to logon to pmpsvc service

    Posted Tue February 15, 2022 08:41 AM
    I think PM relies on the TM1 Application config for authentication, so TM1 Applications would need to be configured to log into performance modeler. You don't need any applications deployed, just the config set up so that you can reach the application portal. If you have no deployed applications and simply using performance modeler you could reduce the Java memory overhead for the service.

    If you've not used Architect much, I would recommend focusing on using PAW instead. There are a few things you can't do in PAW or are just easier to do in Architect, but the majority of capability is there.

    ------------------------------
    Simon Saul
    ------------------------------

    Original Message


  • 8.  RE: PM - Unable to logon to pmpsvc service

    Posted Tue February 15, 2022 01:56 PM
    Problem fixed
    It was a port conflict with the TM1WEB as @Simon Saul suggested initially, so thank you for that, Simon!

    Here is info on how to resolve this conflict.
    How to Configure TM1 Application Web to connect to TM1 Web since 2.0.9.2 ? (IBM Planning Analytics Spreadsheet Services)

    Thanks, Asgeir​

    ------------------------------
    Asgeir Thorgeirsson
    ------------------------------

    Original Message