Troubleshooting
Problem
Firewall error occurs in Cognos Portal (Administration/ Connection) when selecting "Set Properties" or "More"
Symptom
DPR-ERR-2079 Firewall Security Rejection. Your request was rejected by
the security firewall.
CAF rejection details are available in the log. Please contact your
administrator.
Cause
Customer has CAF enabled and has URLs in Valid domains and hosts
Environment
Single or Distributed environment with CAF enabled
Diagnosing The Problem
In cogserver:
Trace.caf.validator no CAF cookie - no backup passports to check signature caf TRACE
10.116.163.152:32120 27405 2015-04-29 07:39:55.948 -5 WebContainer : 5 caf 2047 1 Audit.dispatcher.caf Request Failure check signature failed: string => 397307|ps
10.116.163.152:32120 27405 2015-04-29 07:39:55.948 -5 WebContainer : 5 caf 2047 1 Audit.dispatcher.caf Request Failure check signature failed: hmac => AhQAAABWXMjFZov39wS0Eb4ffq2Ep9neVgcAAABTSEEtMjU2IAAAAG0HIw59gowPQIiy*6H5D5R4F8Wv-eSX*6TlFjOOvoQ6
10.116.163.152:32120 27405 2015-04-29 07:39:55.948 -5 WebContainer : 5 caf 2047 1 Audit.dispatcher.caf Request Failure check signature failed: passport => null
10.116.163.152:32120 27405 2015-04-29 07:39:55.948 -5 WebContainer : 5 caf 2047 1 Audit.dispatcher.caf Request Failure check signature failed: salted => true
10.116.163.152:32120 27405 2015-04-29 07:39:55.948 -5 WebContainer : 5 caf 2047 1 Audit.dispatcher.caf Request Failure unwrap and check signature failed: web64 decoded value => CAFA6000000009AhQAAABWXMjFZov39wS0Eb4ffq2Ep9neVgcAAABTSEEtMjU2IAAAAG0HIw59gowPQIiy*6H5D5R4F8Wv-eSX*6TlFjOOvoQ6397307|ps
10.116.163.152:32120 27405 2015-04-29 07:39:55.948 -5 WebContainer : 5 caf 2047 1 Audit.dispatcher.caf Request Failure context id signature check failed: unwrap context id =>
10.116.163.152:32120 27405 2015-04-29 07:39:55.948 -5 WebContainer : 5 caf 2047 1 Audit.dispatcher.caf Request Failure invalid context id: context id =>
Resolving The Problem
1. Go to Cognos Configuration
2. Click Actions -> Edit Global Configuration...
3. For "Domain" section please add domain for example ".ca.ibm.com"
*'.' at beginning must be placed
Restart services.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21903072