If the password needs to be reset for the super admin (username 'Administrator'), follow these steps:
java64\bin\java.exe -jar servicerunner-{version number}.jar STARTUP RESETADMINPASSWORD
sudo docker exec -it ads_datastudio_1 /bin/bash
, where the ads_datastudio_1 is referring to the to the provisioned DataStudio container.java -jar pserver-[version].jar STARTUP RESETADMINPASSWORD
, where the version referring to current DataStudio version. java -jar servicerunner-[version].jar STARTUP RESETADMINPASSWORD
, where the version referring to current DataStudio version. exit
command.docker-compose
command.Problem: Unable to access Data Studio with the error: Your connection is not private and the Advanced section containing the message: You cannot visit {Data Studio URL} right now because the website uses HSTS.
Cause: HTTP Strict Transport Security (HSTS) is a security mechanism which once enabled, only allows Data Studio to be accessed over HTTPS with a valid SSL certificate. This error means there is an issue with the SSL configuration and therefore HSTS is blocking access to Data Studio.
Resolution: The most common cause of this error is an expired SSL certificate. To update Data Studio with a new SSL certificate, you can either use a different browser (which hasn't had the HSTS policy set) or remove the HSTS policy from your existing browser. To remove the policy in Chrome:
chrome://net-internals/#hsts
in a new tab.Data Studio will still show the same error message but now when clicking on Advanced, you should have the additional option to Proceed to {Data Studio URL}.
Problem: SSL certificate file cacerts is not found or applied certificates are not being utilised.
Cause: The SSL certificates file that is used by Aperture Data Studio is either not found or has not been updated with the correct certificate.
Resolution: The certificate file that is used by Aperture Data Studio is located in
All public SSL certificates must be added to this file. Find out more about private CA root certificates.
Problem: Unable to authenticate via your identity provider (IdP) to access Data Studio.
Cause: SAML settings have been misconfigured. This can range from a mismatch in certificate fingerprint to incorrectly populated URL values.
Resolution: Review the log file for the specific error. Below are several examples of specific errors and how to resolve them.
IdP signing certificate doesn't match provided certificate fingerprint
This indicates that the certificate fingerprint in Data Studio does not match the one provided by the IdP. Please recheck the certificate fingerprint, ensuring that you are providing Data Studio with the correct fingerprint, and that the fingerprint algorithm is correct.
Note that the fingerprint algorithm is not the same as the signing algorithm. You can determine which fingerprint algorithm was used to generate your certificate fingerprint using the table below:
Length of fingerprint (excluding colons) | Fingerprint algorithm |
---|---|
40 | SHA1 |
64 | SHA256 |
96 | SHA384 |
128 | SHA512 |
Response received before/after the assertion lifetime
Problem: When accessing Data Studio via single sign-on (SSO), login fails due to a timeout.
Cause: The request generated by Data Studio for the user to authenticate via IdP has expired for security purposes.
Resolution: Use the Log in with SSO button on the Data Studio login page and try again.
Problem: Unable to access the Data Studio interface.
Cause: This can happen after disabling SSL in Data Studio and can occur in certain browsers due to their interaction with HTTPS cookies.
Resolution: Delete all browser cookies for the Data Studio domain and retry.
Problem: SMTP Test connection failed: Could not convert socket to TLS and an error reported in the datastudio.log: Unable to find valid certification path to requested target
Cause: If any certificates are missing in the Data Studio trust store, Data Studio will fail to connect to the SMTP server with the above error.
Resolution: We have to generate the certificate from OpenSSL (ensure OpenSSL is installed in the server) and save it as .crt file and import it into the java trust store. This is mainly for SMTP servers that work with the STARTTLS protocol, where the connection is first established usually on port 25, and then after an initial server handshake, the socket is converted to TLS.
To get the certificate use OpenSSL Command:
openssl s_client -starttls smtp -crlf -connect <SMTP Server>:25
The certificate will be the text beginning with
-----BEGIN CERTIFICATE-----
and ending in
-----END CERTIFICATE-----
Then save the certificate as a .crt file and add it to the Data Studio Java truststore.
Finally, configure the SMTP connection:
Problem: An email notification from Aperture Data Studio contains a URL that is not reachable/shows IP address instead of the DNS hostname.
Cause: The Server.externalHttpHostAddress property is not setup correctly. This is used to translate the IP address to publicly accessible DNS hostname for email notifications.
Resolution: Set the server property Server.externalHttpHostAddress to the correct DNS name, where the server is publicly accessible.
Your Experian Batch isn't configured correctly.
To check, go to the addressValidate\runtime folder in your Data Studio installation (e.g. C:\ProgramData\Experian\addressValidate\runtime).
Using the Command Prompt, run BATWV64.EXE (the Experian Batch API test harness). You should see the list of available address layouts. For Use layout number
enter the number of the layout from the list that corresponds to a country you have configured.
If you get an error, Experian Batch hasn't been configured correctly. Contact us for help.
By default, the qaworld.ini contains all the address and component layouts used by each data set.
You shouldn't delete these layouts but you can make modifications as long as the layout continues to be valid (i.e. it works in the test harness).
If the qaworld.ini no longer contains address and component layouts, we recommend rolling back to the default version which can be found in addressValidate\templates.
The address validation engine has a hard limit of 32 handles. If you reach that limit, an error occurs and a message will be shown on screen: 4003: An error occurred in the Address validation engine: 'No free API handles' (-8610)
.
The number of handles that are currently in use is reported in the log.
12:36:06.266 [Thread-136] INFO com.experian.datastudio.Qas.BatchObjectLayer.QasSearch - Batch handle count decreased from QasSearch: 29
12:36:06.272 [Thread-100] INFO com.experian.datastudio.Qas.BatchObjectLayer.QasSearch - Batch handle count decreased from QasSearch: 28
Users will have to wait for address validation engine handles to be available before continuing.
Problem: An error is reported when running Find duplicates: An error occurred running Find Duplicates step: Failed to connect to Standardization server.
Cause: The Standardize
service is not running.
Resolution:
To fix the issue:
Experian Aperture Data Studio {version number} Standardize Server
, right-click it and select Properties.Experian Aperture Data Studio {version number} Standardize Server
and select Start.Problem: An error is reported when running Find duplicates: An error occurred running Find Duplicates step: Failed to connect to Standardization server.
Cause: The Standardize
service is not running.
Resolution:
To fix the issue, you need to check you have sufficient privileges to start system services:
GdqStandardizeServer
, right-click it and select Properties.GdqStandardizeServer
service and select Start.Problem: When attempting to start the Tomcat service, the service startup fails. This occurs for two main reasons, outlined below.
Cause 1: Tomcat is unable to find java installed on that machine.
Resolution 1: Configure the JAVA_HOME environment variable.
Cause 2: There is insufficient memory allocated to Tomcat.
Resolution 2:
It is recommended that a minimum of 8GB RAM is allocated to Tomcat.
Problem: The Find Duplicates server is running and the Find Duplicates Swagger page (http://{host}:8080/match/docs/index.html
, or http://{host}:8080/match-rest-api-{version}/match/docs/index.html
if this is a Tomcat deployment) is accessible, but Data Studio reports an invalid URL when testing the connection and calling the \system
endpoint from Swagger returns a 500 internal server error
Cause: The most likely cause for this is that the Find Duplicates service (or Tomcat if this is a web server deployment) does not have permissions to access the licensing folder (by default C:\ProgramData\Experian). This normally occurs if the service is running as a named user or as LOCAL_SERVICE
.
Resolution: Two options exist for resolution.
LOCAL_SYSTEM
Data Studio data may be backed up by archiving the complete data directory structure as well as some other files stored in the program directory.
Data Studio generates log files which can be useful for monitoring or troubleshooting the application. These can be found in ApertureDataStudio/data/log folder or where otherwise configured.
To enable log downloads:
Server.LogDownloads=true
to the server.properties file and restart Data Studio server. Alternatively, turn on the Enable server log downloads option in Settings > System. By default, only the super admin will have access.
To access the logs go to System > Server logs.