2 Replies Latest reply on Dec 19, 2019 8:00 AM by christine puk

    Warning generating trusted ticket: Error generating trusted ticket. Value of ticket is -1

    christine puk

      Hello all! I have been working on getting VizAlerts set up over the last few days, and have worked through various issues, but this last one has me stumped. I have gone through the docs and various forums that have this issue, but for some reason I cannot seem to crack it.

       

      Here are the systems I am running:

      • Centos Linux Tableau Server Version
        • Tableau Services Manager command line version 20192.19.0518.0639.
        • Tableau Server version 20192.19.0518.0639.
      • MacOS Tableau Client Version (this means I am using the python script to run VizAlerts, because the binary is only for Windows) 2019.2
      • VizAlerts (on the client) Version 2.2.1

       

      I have tried:

      • Disabling trusted tickets entirely via tsm configuration set -k wgserver.unrestricted_ticket -v false
        • I reverted this, so it's set to true now, but it changed nothing in the output when I ran it while it was false
      • Changing the logging level to see what is hitting the server, but I cannot see anything under /var/opt/tableau/tableau_server/data/tabsvc in either vizqlserver, vizportal, tabsvc, logs, etc. via tsm configuration set -k vizqlserver.trustedticket.log_level -v debug
        • On the client side, there is only the same python output that I see from the terminal when I run the script under /logs (output is below)
      • Going through everything in the docs, but since logging hasn't been very useful it has not helped much
      • Editing the config yaml file based on the forums
      • Changing the server version to the actual version, but it would only accept the values 8, 9, or 10
      • Looking at the code where the script fails, and it's pretty much isolated to the trusted_ticket_test function
      • Enabling ssl check and creating a pem file (you can see this commented out in the configs)
      • I have tried Testing Trusted ticket but have not gotten it to work, but I do get the following which tells me it's working (?) https://tab.company.com/trusted/test.html

      An error occurred on the server. The details of the error are

      • Could not locate unexpired trusted ticket

      Click the Refresh button in your web browser and try again.

      If you continue to receive this error please contact your Tableau Server Administrator.

       

      I have confirmed that:

      • My VizAlertsConfig workbook is set up as expected, and the data source loads on the webgui and all that.
        • The readonly user password is embedded for the workbook!
      • The readonly user is set up on the Postgres db and also as an "explorer" on the tableau server itself, using the same password. The authentication is local and in the <tabserver>:8850 Admin portal I have it set that trusted auth is disabled for connections by selecting "Off for all connections (default)"
      • Also confirmed that the trusted hosts are correct, and in the python I am using the right config yaml file
        • You can also see this in the debug output from the python script below
      • My yaml passes, and all the SMTP stuff is run because I get an email as configured in my yaml when I run the script

       

       

      Here is my Config File (with sensitive info redacted):

      replaced my company with "company" and changed numbers in the IP addresses to X's

       

      # Local paths settings

      log.dir: ".//logs//"                 

      log.dir.file_retention_seconds: 432000   

      log.level: DEBUG                       

      schedule.state.dir: ".//ops//"          

      temp.dir: ".//temp//"                    

      temp.dir.file_retention_seconds: 86400    

       

      # Email settings

      smtp.serv: outbound.mail.company.com         

      smtp.address.from: alerts@tab.company.com 

      smtp.address.to: christine@company.com         

      smtp.subject: 'ALERT: VizAlerts failed to execute properly'

      smtp.ssl: false                           

      smtp.user: null                         

      smtp.password: null

                  

      # Tableau Server settings

      server: tab.company.com                    

      # actual version is 20192.19.0518.0639

      server.version: 10

      server.ssl: true

      server.user: readonly                     

      server.user.domain: tab.company.com

       

      vizalerts.source.viz: VizAlertsConfig/ScheduledTriggerViews?:iid=3                                       

      #vizalerts.source.viz: 'VizAlertsConfig/ScheduledTriggerViews'

      vizalerts.source.site: 'Default'       

       

      # Security settings

      server.ssl: true                       

      server.certcheck: false                

      server.certfile: null

      # server.certfile: '/Users/christine/git/VizAlerts/config/public.tab.pem'

                                      

      trusted.useclientip: true

      trusted.clientip: 172.XXX.X.X 66.XX.XX.242, 173.XXX.XXX.1

       

      smsaction.enable: false

      smsaction.provider: twilio                

      smsaction.auth_token: null

      smsaction.account_id: null

       

      threads: 2                               

      data.coldelimiter: ','               

       

       

      Here is my error message on the client side when I run the script:

       

      christine VizAlerts$ python vizalerts.py --config config/vizalerts.yaml

       

      /Users/christine/git/VizAlerts/tabUtil/__init__.py:34: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.

       

        yaml_opts = yaml.load(f)

       

      2019-12-13 10:37:43 - [INFO] - Logging initialized, writing to .//logs//vizalerts.log_2019-12-13.log

       

      2019-12-13 10:37:43 - [INFO] - VizAlerts v2.1.1 is starting

       

      2019-12-13 10:37:43 - [DEBUG] - testing trusted ticket: tab.company.com, readonly, tab.company.com, 172.XXX.X.X, 66.XX.XX.242, 173.XXX.XXX.1

       

      2019-12-13 10:37:43 - [DEBUG] - Generating trusted ticket. Request details: Server: tab.company.com, Site: , Username: readonly, Url: https://tab.company.com/trusted, Postdata: username=tab.company.com%5Creadonly&client_ip=172.XXX.X.X%2C+66.XX.XX.242%2C+173.XXX.XXX.1.

       

      2019-12-13 10:37:43 - [DEBUG] - using SSL and NOT verifying cert

       

      2019-12-13 10:37:44 - [DEBUG] - Got ticket: -1

       

      2019-12-13 10:37:44 - [ERROR] - Error generating trusted ticket. Value of ticket is -1.  Please see http://onlinehelp.tableau.com/current/server/en-us/trusted_auth_trouble_1return.htm Request details:

       

      2019-12-13 10:37:44 - [ERROR] - UserWarning generating trusted ticket: Error generating trusted ticket. Value of ticket is -1.  Please see http://onlinehelp.tableau.com/current/server/en-us/trusted_auth_trouble_1return.htm Request details:  Request details: Server: tab.company.com, Site: , Username: readonly, Url: https://tab.company.com/trusted, Postdata: username=tab.company.com%5Creadonly&amp;client_ip=172.XXX.X.X%2C+66.XX.XX.242%2C+173.XXX.XXX.1.

       

      2019-12-13 10:37:44 - [ERROR] - UserWarning generating trusted ticket: Error generating trusted ticket. Value of ticket is -1.  Please see http://onlinehelp.tableau.com/current/server/en-us/trusted_auth_trouble_1return.htm Request details:  Request details: Server: tab.company.com, Site: , Username: readonly, Url: https://tab.company.com/trusted, Postdata: username=tab.company.com%5Creadonly&amp;client_ip=172.XXX.X.X%2C+66.XX.XX.242%2C+173.XXX.XXX.1.

       

      2019-12-13 10:37:44 - [INFO] - sending email: outbound.mail.company.com,alerts@tab.company.com,christine@company.com,None,None,ALERT: VizAlerts failed to execute properly,None

       

      2019-12-13 10:37:44 - [DEBUG] - email body: UserWarning generating trusted ticket: Error generating trusted ticket. Value of ticket is -1.  Please see http://onlinehelp.tableau.com/current/server/en-us/trusted_auth_trouble_1return.htm Request details:  Request details: Server: tab.company.com, Site: , Username: readonly, Url: https://tab.company.com/trusted, Postdata: username=tab.company.com%5Creadonly&amp;client_ip=172.XXX.X.X%2C+66.XX.XX.242%2C+173.XXX.XXX.1.

       

      2019-12-13 10:37:44 - [DEBUG] - TO ADDRESS: christine@company.com

       

      2019-12-13 10:37:44 - [DEBUG] - CC ADDRESS: None

       

      2019-12-13 10:37:44 - [DEBUG] - BCC ADDRESS: None

       

      2019-12-13 10:37:46 - [ERROR] - An unhandled exception occurred: Traceback (most recent call last):

       

        File "vizalerts.py", line 488, in <module>

       

          main()

       

        File "vizalerts.py", line 129, in main

       

          trusted_ticket_test()

       

        File "vizalerts.py", line 205, in trusted_ticket_test

       

          quit_script(errormessage)

       

        File "vizalerts.py", line 474, in quit_script

       

          sys.exit(1)

       

      SystemExit: 1

       

      Traceback (most recent call last):

       

        File "vizalerts.py", line 488, in <module>

       

          main()

       

        File "vizalerts.py", line 129, in main

       

          trusted_ticket_test()

       

        File "vizalerts.py", line 205, in trusted_ticket_test

       

          quit_script(errormessage)

       

        File "vizalerts.py", line 474, in quit_script

       

          sys.exit(1)

       

      SystemExit: 1

       

      Literally any help would be amazing, and please let me know if you need more info, thanks again!

      Matt Coles perhaps?

        • 1. Re: Warning generating trusted ticket: Error generating trusted ticket. Value of ticket is -1
          Matt Coles

          Thanks for all the detail, Christine. If you are getting a "-1" response from Tableau Server, it means only one of very few things, because it verifies that you were able to make a request to Tableau Server and get a valid (if error-indicating) response back. From Ticket Value of -1 Returned from Tableau Server - Tableau , here are the possible options:

           

          • All web server host names or IP addresses are not added to trusted hosts: The log error, "Invalid request host: <IP address>" may indicate that the IP address or host name for the computer sending the POST request is not in the list of trusted hosts on Tableau Server. See Add Trusted IP Addresses or Host Names to Tableau Server to learn how to add IP addresses or host names to this list.
          • IP addresses are IPv4: If you are using IP addresses to specify trusted hosts, they must be in Internet Protocol version 4 (IPv4) format. An IPv4 address looks like this: 123.456.7.890. IPv6 addresses (for example, fe12::3c4a:5eab:6789:01c%34) are not supported as a way of inputting trusted hosts.
          • Username in POST request is a valid Tableau Server user: The username you send in the POST request must be a licensed Tableau Server user with a Viewer or Explorer license level. You can see a list of users and their license levels by signing in to Tableau Server as an administrator and clicking the Licensing link on the left side of the page. The following log errors indicate a user POST issue:
            • "Missing username and/or client_ip"
            • "Invalid user: <username>"
            • "Unlicensed user is not allowed: <username>"
          • Username in POST request includes domain: If Tableau Server is configured to use Local Authentication, the username that you send in the POST can be a simple string. However, if the server is configured for Active Directory you must include the domain name with the user name (domain\username). For example, the username parameter might be: username=dev\jsmith. A common error log for this scenario is "Invalid user: <username>."

           

          My first thought is that maybe your user, "readonly", is not actually a valid Tableau Server user. Yes, you open up access to the PostgreSQL repository using that name, but it will not actually create a licensed user on Tableau Server for you--it's just a user in the actual PostgreSQL database itself. This might explain the error you got while using the JavaScript trusted tickets test page, too.

           

          If it isn't that, my next guess would be that it's that your Mac is not being recognized as a trusted host (top bullet). Try adding it to the trusted host list via IPv4 address rather than hostname.

           

           

          Lastly, it could be an issue with the domain you entered, though I'd have no idea what the issue would be.

           

           

          If all that doesn't work, then we need to find your vizqlserver logs and dig through them to figure out what is up. Why they weren't showing when you looked at the install path is a mystery to me. We know we sent a request and got a response, so there'll absolutely be a log written. It must have been written to a different location. Are you running a multi-node Server instance? If so, it could have been written to any of the hosts running one or more VizQLServer processes.

           

          Good luck! Let me know if you still can't figure it out.
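The "Username in POST request includes domain" and "IP addresses are IPv4" cases from the list above, as an added example that is not part of the original thread and is not VizAlerts code: it rebuilds the form body seen in the debug log from the user, domain and client IP settings, and checks those settings against the documented causes. The function names and the `auth_mode` parameter are hypothetical.

```python
import ipaddress
from urllib.parse import urlencode


def build_postdata(user, domain=None, client_ip=None):
    """Form body for the POST to https://<server>/trusted.

    A non-empty domain is prepended as domain\\user, which is the shape of
    'username=tab.company.com%5Creadonly' in the debug log (%5C is a backslash).
    """
    username = f"{domain}\\{user}" if domain else user
    fields = {"username": username}
    if client_ip:
        fields["client_ip"] = client_ip
    return urlencode(fields)


def check_identity(user, domain, auth_mode):
    """Compare user/domain with the server's authentication mode.

    auth_mode is a hypothetical parameter: 'local' or 'activedirectory'.
    """
    findings = []
    if not user:
        findings.append("username is empty")
    if auth_mode == "local" and domain:
        findings.append(
            f"local authentication but a domain is set: the server receives "
            f"'{domain}\\{user}' instead of '{user}'"
        )
    if auth_mode == "activedirectory" and not domain:
        findings.append("Active Directory needs domain\\username")
    return findings


def check_trusted_hosts(entries):
    """Return trusted-host entries written as IPv6; host names and IPv4 pass."""
    rejected = []
    for entry in entries:
        try:
            # Drop a zone index such as '%34' before parsing the literal.
            addr = ipaddress.ip_address(entry.split("%")[0])
        except ValueError:
            continue  # not an IP literal, so it is treated as a host name
        if addr.version != 4:
            rejected.append(entry)
    return rejected


if __name__ == "__main__":
    # Values taken from the config and log posted in the question.
    print(build_postdata("readonly", "tab.company.com",
                         "172.XXX.X.X, 66.XX.XX.242, 173.XXX.XXX.1"))
    print(check_identity("readonly", "tab.company.com", "local"))
    print(check_trusted_hosts(["tab.company.com", "fe12::3c4a:5eab:6789:01c%34"]))
```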

          • 2. Re: Warning generating trusted ticket: Error generating trusted ticket. Value of ticket is -1
            christine puk

            Hello,

             

            Thanks for your reply, Matt Coles. Really appreciate it. I was able to get Test Trusted Authentication working, and in that I realised that the readonly user was a bit funky, and I switched to my user “tab”, who is an admin, and I also moved VizAlertsConfig to the general/default project, and was able to confirm that that user could access that workbook via a trusted ticket. My URL looked like this:

             

            https://tab.company.com/trusted/<trusted-ticket>/views/VizAlertsConfig/ScheduledTriggerViews

             

            Also good news, I was able to see some form of life from the logs, not much but it’s something.

             

            But the best news is: I resolved it. The source of the issue was I had my server “server.user.domain: tab.company.com” not set to null, which it needed to be for local authentication. I think I have it working now, but posting this reply for history's sake. This was your suggestion "User in post includes a domain".

             

            Logs:

             

            /var/opt/tableau/tableau_server/data/tabsvc/logs/vizqlserver/vizqlserver_node1-3.log

             

            P.S. You will see invalid user “/user/local/tab” in the errors below; this is because in the config I changed “server.user: ‘user/local/tab’” because that was the format of the URL on the webgui, and I thought that the tab.company.com\tab might have been some hardcoded Windows path weirdness, but no dice.

             

            2019-12-16 18:55:25.953 +0000 (,,,) scheduled-purge-temp-directories-1 : INFO  wgsessionId= com.tableausoftware.core.service.PurgeDirectoryService - Purging /var/opt/tableau/tableau_server/data/tabsvc/temp/vizqlserver_3.20192.19.0518.0639 of files last modified before 2019-12-15 18:55:25.953 +0000

            2019-12-16 18:55:25.954 +0000 (,,,) scheduled-purge-temp-directories-1 : INFO  wgsessionId= com.tableausoftware.core.service.PurgeDirectoryService - Purged 0 KB and 0 files with 0 files/directories that couldn't be deleted.

            2019-12-16 18:55:26.194 +0000 (,,,) scheduled-delete-dead-extract-sessions-1 : INFO  wgsessionId= com.tableausoftware.domain.content.extracts.ExtractService - Deleting dead extract sessions of type 'Workbook'.  There are 1 active sessions.

            2019-12-16 18:55:26.195 +0000 (,,,) scheduled-delete-dead-extract-sessions-1 : INFO  wgsessionId= com.tableausoftware.domain.content.extracts.ExtractService - Deleted 0 'Workbook' extract_sessions matching '-1:3' and not in list of 1 guids for worker 'localhost'

            2019-12-16 18:55:33.618 +0000 (,,,) scheduled-reindex-pending-content-1 : INFO  wgsessionId= com.tableausoftware.domain.content.AnalyticsServiceReindexer - reindexPendingItems is reindexing 0 items.

            2019-12-16 19:00:33.618 +0000 (,,,) scheduled-reindex-pending-content-1 : INFO  wgsessionId= com.tableausoftware.domain.content.AnalyticsServiceReindexer - reindexPendingItems is reindexing 0 items.

            2019-12-16 19:05:33.619 +0000 (,,,) scheduled-reindex-pending-content-1 : INFO  wgsessionId= com.tableausoftware.domain.content.AnalyticsServiceReindexer - reindexPendingItems is reindexing 0 items.

            2019-12-16 19:10:33.620 +0000 (,,,) scheduled-reindex-pending-content-1 : INFO  wgsessionId= com.tableausoftware.domain.content.AnalyticsServiceReindexer - reindexPendingItems is reindexing 0 items.

            2019-12-16 19:14:43.560 +0000 (,,-,XffXo6OCPpZy7ETIhll-ZwAAADU) catalina-exec-19 : ERROR wgsessionId=XZKt0mX8R-KFKUuW5pZymQ com.tableausoftware.model.workgroup.service.TrustedTicketServiceImpl - Invalid user: /user/local/tab

            2019-12-16 19:15:29.890 +0000 (,,-,XffX0TW8rTe3JXPk6diXjwAAALg) catalina-exec-22 : ERROR wgsessionId= com.tableausoftware.model.workgroup.service.TrustedTicketServiceImpl - Invalid user: tab.company.com\/user/local/tab

            2019-12-16 19:15:33.620 +0000 (,,,) scheduled-reindex-pending-content-1 : INFO  wgsessionId= com.tableausoftware.domain.content.AnalyticsServiceReindexer - reindexPendingItems is reindexing 0 items.

            2019-12-16 19:16:05.182 +0000 (,,-,XffX9aKGF4qD5gr0uLF6cwAAAGE) catalina-exec-23 : ERROR wgsessionId= com.tableausoftware.model.workgroup.service.TrustedTicketServiceImpl - Invalid user: tab.company.com\tab

             

             

            Here are my current working configs:

            # Local paths settings

            log.dir: ".//logs//"                       

            log.dir.file_retention_seconds: 432000

            log.level: DEBUG 

            schedule.state.dir: ".//ops//"

            temp.dir: ".//temp//"

            temp.dir.file_retention_seconds: 86400

             

            # Email settings

            smtp.serv: outbound.mail.company.com              

            smtp.port: 25                              

            smtp.address.from: alerts@tab.company.com       

            smtp.address.to: christine@company.com            

            smtp.subject: 'ALERT: VizAlerts failed to execute properly'

            smtp.ssl: false                                

            smtp.user: null                               

            smtp.password: null                    

             

            # Tableau Server settings

            server: tab.company.com                  

            server.version: 10                             

            server.user: tab

            #server.user: readonly                     

            #server.user.domain: tab.company.com                    

            server.user.domain: null                                               # Leave as null (no quotes) if Tableau Server uses local authentication

            vizalerts.source.viz: '/views/VizAlertsConfig/ScheduledTriggerViews' 

            #vizalerts.source.viz: 'VizAlertsConfig/ScheduledTriggerViews'     # Viz to pull list of alerts from. Must be of the form 'WorkbookURL/ViewUrl'

            vizalerts.source.site: Default

             

            # Security settings

            server.ssl: true                               # use HTTPS for Server connections (recommended, but left off by default for testing)

            server.certcheck: false                         # if using HTTPS, validate the certificate (recommended, but left off by default for testing)

            server.certfile: null                                                # If you turn this on you MUST specify a certificate bundle in server.certfile

            # server.certfile: '/Users/christine/git/VizAlerts/config/public.tab.pem'                        # Full path to the set of trusted CA certificates to verify your SSL certificate on Tableau Server in .pem format

                                                                # example: 'c:\\certificates\\cacert.pem'

            trusted.useclientip: true                      # use clientip for trusted tickets verification

                                                                # This is optional. Please see http://onlinehelp.tableausoftware.com/current/server/en-us/trusted_auth_optional.htm

            trusted.clientip: 172.104.2.4                          # IP address of THIS host. Only needed if trusted.useclientip is set to true. Otherwise, just leave it null.

             

            # SMS Settings

            smsaction.enable: false                         # use these settings to enable SMS messages. If false, we won't even check them, and all SMS attempts will fail

            smsaction.provider: twilio                      # the only allowed provider currently is twilio

            smsaction.auth_token: null

            smsaction.account_id: null

             

            threads: 2                                      # Number of threads VizAlerts will use to process alerts

            data.coldelimiter: ','                          # Character used to separate field values in CSV files exported from Tableau Server
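A triage pass over vizqlserver log lines of the kind posted in this reply, as an added example that is not part of the original thread: it maps each matching message to the -1 cause named in the help text quoted in reply 1 and singles out domain-qualified names, the case that was resolved here. The sample lines are constructed in the layout of the posted log, with placeholder request IDs, and the hint wording is this example's own.

```python
import re

# Layout of the vizqlserver lines quoted above:
# <timestamp> (<context>) <thread> : <LEVEL> wgsessionId=<id> <logger> - <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3} [+-]\d{4}) \([^)]*\) \S+ : "
    r"(?P<level>[A-Z]+)\s+wgsessionId=\S* (?P<logger>\S+) - (?P<msg>.*)$"
)

# Log messages that the help text quoted in reply 1 ties to a ticket value of -1.
CAUSES = [
    (re.compile(r"Invalid request host: (?P<value>.+)"), "untrusted_host"),
    (re.compile(r"Missing username and/or client_ip"), "missing_field"),
    (re.compile(r"Unlicensed user is not allowed: (?P<value>.+)"), "unlicensed_user"),
    (re.compile(r"Invalid user: (?P<value>.+)"), "invalid_user"),
]

HINTS = {
    "untrusted_host": "add the sending machine to the trusted hosts list",
    "missing_field": "POST body lacks username and/or client_ip",
    "unlicensed_user": "give the user a Viewer or Explorer license level",
    "invalid_user": "name is not a Tableau Server user",
}
DOMAIN_HINT = ("name is domain-qualified; with local authentication send the "
               "bare username (server.user.domain: null)")

# Constructed sample lines (request IDs are placeholders, 'ghost' is made up).
SAMPLE_LOG = r"""
2019-12-16 19:10:33.620 +0000 (,,,) scheduled-reindex-pending-content-1 : INFO  wgsessionId= com.tableausoftware.domain.content.AnalyticsServiceReindexer - reindexPendingItems is reindexing 0 items.
2019-12-16 19:14:43.560 +0000 (,,-,REQID-PLACEHOLDER-1) catalina-exec-19 : ERROR wgsessionId= com.tableausoftware.model.workgroup.service.TrustedTicketServiceImpl - Invalid user: tab.company.com\tab
2019-12-16 19:15:29.890 +0000 (,,-,REQID-PLACEHOLDER-2) catalina-exec-22 : ERROR wgsessionId= com.tableausoftware.model.workgroup.service.TrustedTicketServiceImpl - Invalid user: ghost
2019-12-16 19:16:05.182 +0000 (,,-,REQID-PLACEHOLDER-3) catalina-exec-23 : ERROR wgsessionId= com.tableausoftware.model.workgroup.service.TrustedTicketServiceImpl - Invalid request host: 203.0.113.7
""".strip().splitlines()


def triage(lines):
    """Return one finding per log line that matches a documented -1 cause."""
    findings = []
    for line in lines:
        parsed = LINE_RE.match(line.strip())
        if not parsed:
            continue  # blank line or a different log layout
        for pattern, cause in CAUSES:
            hit = pattern.match(parsed["msg"])
            if hit:
                value = (hit.groupdict().get("value") or "").strip()
                # A backslash means the server was sent domain\user.
                domain_form = cause == "invalid_user" and "\\" in value
                hint = DOMAIN_HINT if domain_form else HINTS[cause]
                findings.append({"ts": parsed["ts"], "level": parsed["level"],
                                 "cause": cause, "value": value, "hint": hint})
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["ts"], f["cause"], repr(f["value"]), "->", f["hint"])
```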