This site uses different types of cookies, including analytics and functional cookies (its own and from other sites). To change your cookie settings or find out more, click here. If you continue browsing our website, you accept these cookies.
Guide to Gallery Data Connections - FAQ
Creating a Gallery Data Connection will allow ease of access for Alteryx users to connect to databases. The feature also allows the Alteryx Gallery and Database Administrators more governance over what connections are being made as well as who are making the connections.
What are the advantages of using a Gallery Data Connection?
Centralized area for Administrators to create and share database connections
Avoids the need for IT to create database connections on each users machine individually
Easy permissions management - access to the connections can be enabled or disabled instantly
Users no longer need to know the connection information to connect to their data
What actually happens when you create the connection on the Gallery?
When you create a Gallery Data Connection, a record is created in MongoDB under the AlteryxGallery > dataConnections collection.
"_id" : ObjectId("5a5882573b910b5758cdd7e2"),
"ConnectionString" : "4D35F08105015D7A81E5E274760D1C3529146D9516CACD028F1A353994C7DFB2ABAC8A99B1F284CCB7935B96F0FBD2EC9A9239B3305D4DE60D1C749C4E7BC65A597ED943742FB057EDD0F1882FFF98D6ED7888312215761DB1FA02B0EF425F9F98E645E73FB98481AC130D05F1A0CC0DBD42D4AC1F38E8DF8CA5759A6A4823F86C6FC212BD93263F83B90515DF6926B934FA086466A70992DF984C297A47C1DFFD749A642A6267B9FFC87B766127CE6C3D945FC64A8A25A2414DB2450AD6CAAD8D9202BFEBAF22C91B1371E1BA4C9CEB6E454B46B3BF4417D5280E53BCB5BE6AA734B",
"PasswordSecured" : "",
"ConnectionName" : "SQL_on_Gallery",
"Subscriptions" : ,
"Users" : [
Once the connection is shared, it is also attached to that person's entry in AlteryxGallery > users collection.
"_id" : ObjectId("503bac145031af11f8f8e479"),
"Curator" : true,
"Anonymous" : false,
"LicenseCurator" : false,
"Sponsor" : "",
"Email" : "firstname.lastname@example.org",
"FirstName" : "Ash",
"LastName" : "Ketchum",
"DataConnections" : [
"CanSchedule" : true,
"CanSetPriority" : false,
"CanSetWorkerTag" : true,
"RecaptchaResponse" : null
What happens when the connection is used in Designer?
As soon as a user links their Gallery to Designer, a sync takes place that grabs all the connections they have access to and creates a file called GalleryAlias.xml in the user's* profile:
C:\Users\USERNAME\AppData\Roaming\Alteryx\Engine *99% of the time this will be the user logged into the machine, but there is also the possibility that the user is right-clicking and running Designer as a different user.
This file will be updated/synced when you:
Open the Manage Data Connection window from Options > Advanced Settings > Manage Data Connections.
Click Sync All in the Manage Data Connections Window:
What happens when you execute a workflow on the gallery that uses a Gallery Data Connection?
The Gallery 'translates' the connection from an XML file. One of the following will be used:
The Gallery performs a permissions check.
The permissions check ONLY applies to the user who uploaded the workflow. If the connection has not been shared with the uploader, it will error:
Unable to translate alias SQL_on_Gallery
The workflow is executed and the connection to the database is attempted. Any further any further errors will be around the connection string/driver itself, i.e.
Error SQLDriverConnect: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified.
What does 'translate the alias' mean?
This refers to the unpackaging and reading of the XML file to take the alias name (SQL_on_gallery) to the actual connection string. This must first happen before the connection to the database will even be attempted.
If this fails for any reason, you get the following error:
Unable to translate alias X
What is the __TemporaryAlias.xml file, and when is it used?
When you publish a workflow to the Gallery that contains one of these connections, a file called __TemporaryAlias.xml is packaged with the workflow.
You can see this file when you click Manage workflow assets during publication:
By default, this asset is checked - it should be checked so that the workflow can use this XML to translate the alias.
Once the workflow runs, it is pulled down and unpackaged into the Staging folder.
Which of the two XML files are used?
The Designer first will try to use the __TemporaryAlias.xml file. This is the preferred way, because as mentioned this XML file is packaged with the workflow,, meaning it can successful translate on whatever machine (worker) it runs on:
If you don't package the __TemporaryAlias file, it will then try to use the GalleryAlias.xml file. As mentioned, since this is in the User's profile, you would need the Run As user to have this file synced and available in their profile. This method is not preferred. Another issue with this method is that the file will need to be synced on all worker machines.
What are the most important things to know to make sure my workflow will run successfully on the Gallery?
Always package the connection when publishing to the Gallery.
From a permissions perspective, once the workflow is on the Gallery, it doesn't matter who runs the workflow for the translation to happen. Only the uploader of the workflow needs to have the connection shared with them.
Configuring SAML on Alteryx Server for Active Directory Federation Services (ADFS)
Alteryx Server has the ability to use most identity providers that support the SAML 2.0 standard, and from my testing, ADFS is no exception! The following information will assist with configuring Alteryx Server to be functional with ADFS.
Please note the following information is based on third-party software and processes may be slightly different on older or newer versions of the software. The following was created against ADFS v4.0 running on Windows Server 2016 and Alteryx Server 2019.2.
AD FS Server
Account with access to perform administration tasks
All users that will login must have an email address attribute
Alteryx Server >= 2018.2
Account with access to perform administration tasks
SSL/TLS Certificate Installed on Alteryx Server (Self-Signed certificate is not recommended)
Verify that your Alteryx Server's Gallery function has been configured with SSL/TLS enabled on each Gallery node in the environment and that a proper SSL certificate is installed. Instructions are provided in the link above.
This and following steps will require an ADFS administrator. Open the AD FD Management utility (Start > Windows Administrative Tools > AD FS Management)
Click Relying Party Trusts from the console, then click Add Relying Party Trust...
Click Enter data about the relying party manually and click Next.
Type a Display name for the trust. I placed "Alteryx Server" here, but you can use a name that best identifies the connection for you, such as a server name or other easily identifiable name. Then click Next.
Click Next on the Configure Certificate page.
Check the box for Enable support for the SAML 2.0 WebSSO protocol. Type the URL of the Alteryx Server's SAML endpoint in the Relying party SAML 2.0 SSO service URL box, which typically will be the base URL of Alteryx Gallery with the addition of "/aas/Saml2". Once you have added the proper URL, click Next. Note: this endpoint may be case sensitive depending on settings in your environment. I would recommend entering it with the capitalization as shown in the screenshot and example below. Example: Gallery URL: https://trn-srv-07.cs.alteryx.com/gallery SAML Endpoint: https://trn-srv-07.cs.alteryx.com/aas/Saml2
In the Relying party trust identifier, type the same SAML endpoint as the previous step and click Add to add the URL to the list below. Click Next.
Select Permit everyone from the Access Control Policy and click Next. Note: You may wish to configure this option differently depending on the environment and whom you wish to be able to authenticate with Alteryx Gallery, or you may wish to setup Multi-Factor Authentication (MFA). Specific access permissions and these types of setup are outside the scope of this article.
Click Next on the Ready to Add Trust page.
Check the box next to Configure claims issuance policy for this application and click Close.
Within the new Claim Issuance Policy window, click Add Rule...
Verify the Claim rule template is set to Send LDAP Attributes as Claims and click Next.
Type a desired name for the rule within the Claim rule name box. From the Attribute store drop-down, choose Active Directory.
Using the following table, set the appropriate options within the Mapping of LDAP attributes to outgoing claim types box. Click Finish. Note: The following outgoing values are case sensitive and will need to be typed except for "SAM-Account-Name".
Outgoing Claim Type
On the Claim Issuance Policy window, click Apply to apply the settings, then click OK.
You will now need an administrator with access to the Alteryx Server machine(s) running the Gallery for your environment. Connect to the machine remotely via Remote Desktop.
Open the Alteryx System Settings application, then click Next until you are at the Gallery > Authentication page.
From the Authentication Type box, click the radio button next to SAML authentication. In the Select an option for obtaining metadata required by the IDP, click the radio button next to IDP Metadata URL. !Warning!: It is not recommended to change the authentication type once you have established the persistence layer (e.g. MongoDB) and started using a particular authentication method in your environment. Differences in user account structure will be likely to result in errors in the Gallery if the authentication method is changed in an established environment. If you are changing authentication methods, it is recommended to create a new persistence database!
From the SAML IDP Configuration box, set the ACS Base URL to the root of the Gallery URL plus "/aas". Example: Gallery URL: https://trn-srv-07.cs.alteryx.com/gallery ACS Base URL: https://trn-srv-07.cs.alteryx.com/aas
Set the IDP URL (also known as Entity ID) to the Federation Service identifier value from ADFS. Example: https://sts1.cs.alteryx.com/adfs/services/trust Note: If you are not positive on the value for this, ask your ADFS administrator or download the metadata XML with the link you are using in the next step and look for the "entityID".
Set the IDP Metadata URL to the location of the Federation Metadata xml file provided by the ADFS server. Example: https://sts1.cs.alteryx.com/FederationMetadata/2007-06/FederationMetadata.xml Note: If you are not positive on the value for this, ask your ADFS administrator.
Click Verify IDP. If all goes well, you should receive a message similar to the following: Note: See the Common Issues section below for tips on troubleshooting!
Click Next through the remainder of the System Settings dialogs, then click Finish.
(Optional) Return to Step 17 if you have additional Gallery node(s) to configure.
Once all Gallery node(s) are configured, attempt to access your private Alteryx Gallery and log in with your fresh new SAML configuration!
AlteryxAuthorizationService.exe has stopped working or there is a failure to set the Default Gallery Administrator -Turn off IE Enhanced Security Configuration on the Alteryx Server if you have crash errors while verifying the IDP information. This feature can be turned back on once you have the configuration in a functional state. https://www.limestonenetworks.com/support/knowledge-center/17/70/how_do_i_disable_internet_explorer_enhanced_security.html -Verify that the values in the SAML IDP Configuration are correct for your ADFS server. -Verify that the ADFS server was configured with the correct claim attributes. -Check the AlteryxAuthorizatonService.exe logging directory (%PROGRAMDATA%\Alteryx\Logs) for any clues. -Open Event Viewer within Windows and look for errors that may be of use in the Application log. -If still stuck, reach out to our Support team. I'd suggest providing the following: 1. Values set in the Alteryx System Settings application for SAML 2. AAS log files (found in %PROGRAMDATA%\Alteryx\Logs\) 3. Configuration screenshots for ADFS
The Alteryx Analytic Gallery
What is an Analytic Application?
Pre-packaged data and analytic integration published to the Alteryx Analytics Gallery by Data Artisans to answer specific strategic analytics questions. What is the Analytics Gallery?
The Analytics Gallery is a publicly hosted web service where applications can be published, securely shared, and run in the cloud.
What is a Viewer?
A Viewer is a free user of the Analytics Gallery. A Viewer can run all applications published in the Public Gallery.
What is a Member?
A Member is a user who can run applications that are shared privately through Collections. A Membership is granted by a Data Artisan. A Member also shares the privileges of a Viewer to run all applications published in the Public Gallery.
What is a Data Artisan?
A Data Artisan is a user who creates analytic applications using the Alteryx Designer Desktop and then shares them publicly and/or privately in the Analytics Gallery. A Data Artisan also shares the privileges of a Member.
What is required to run applications in the Public Gallery?
Anyone can sign up and become a Viewer, with the ability to run all applications in the Public Gallery, for free. As soon as you confirm your email, you will have access to the Public Gallery.
What is required to run an application in a private Collection?
You must be a Member to run applications shared in private Collections. Memberships are granted by Data Artisans, who create and share applications.
What is required to build applications?
Applications are built with Alteryx Designer Desktop. Download the Designer Desktop Free Trial.
What is required to publish applications in the Analytics Gallery?
Applications are published from the Alteryx Designer Desktop into a private Studio.
A Studio is automatically created for license holders of the Designer Desktop.
Trial users of the Designer Desktop can set up a Studio with a 30-Day Studio Free Trial
A user with the Designer Desktop and a private Studio is known as a Data Artisan.
How do I run an application?
Click on the title of an application to view application details and click the Run button; or simply click the icon.
Configure the application to suit your needs. Depending upon the application, you might be prompted to enter an address for geocoding, to input a customer file for demographic analysis, or to select data from a range of choices that apply to your business.
Click the Run button at the bottom of the application.
What are the results of running an application?
Applications can be authored to create a variety of different reports and data outputs. When the application processing finishes, the results will appear in the same window as the questions you answered before running the application.
Reports can be previewed after an application has completed by clicking on the Preview link.
Additionally, results for applications that have been run can be found in the application detail view and the "App Results" tab on the left of the screen.
What kinds of reports can an application create?
Depending upon how the application was built, it may produce Word, Excel, HTML, and/ or PDF files, containing a variety of text, tables, charts, and maps.
What kinds of tabular and spatial data output can an application create?
Depending upon how the application was built, it may produce CSV, MDB/ ACCDB, DBF, FlatFile, MID/ MIF, SHP, TAB, YXDB, and/or KML files.
I ran an application but I closed the window before it finished running. How can I view the results?
Application results are stored with your account and can be accessed at any time. As long as you are signed in, the results of any applications that have finished running can be found in two places:
Under the application details page for an application.
Under "App Results" (visible on the left side of the screen when you are signed in).
How can I view more details about an application?
Click on the name of an application to view details, such as the upload date, description, author, studio, copyright, and number of times run. The application details page also includes buttons enabling you to Run, Share, and (if enabled) Download the application.
What browsers are supported by the Analytics Gallery?
We always test and support the latest versions of the most popular web browsers. For more detail about specific browser versions see ‘System Requirements’ of the Technical Specifications page.
How can I find the applications I need?
Each section of the Analytics Gallery features a context-sensitive Search field you can use to find applications.
Searching in the Public Gallery returns applications in the Public Gallery.
Searching in the Studio tab returns applications in your Studio.
Searching in a Collection returns applications in the Collection.
Additionally, a Collection created by you will offer a second search window, which allows you to find applications in your Studio and add them to your Collection
Publishing and Sharing Applications
What is a Studio?
A Studio contains all of the applications published by the Data Artisans within an organization.
Who has access to the applications published in a Studio?
All of the Data Artisans within an organization, and only those Data Artisans, can view and run any applications in their Studio.
How can I rename my Studio?
Click on your User Name to go to your Settings.
Select the Studio Tab.
Enter a new name in the Studio Name field.
Click the save button.
How can an application be shared?
When an application is published in a Studio, all Data Artisans belonging to that Studio can access it.
An application in a Studio can also be shared to the Public Gallery, where anyone can access it.
An application in a Studio can also be shared in a Collection. Any users added to the Collection can access it.
As a Data Artisan, how can I share an application privately with someone?
Publish an application from the Designer Desktop to your private Studio.
Add the application to a Collection.
Add the User to the Collection. In order to run the application, the user must be a Member.
As a Data Artisan, how do I grant a Membership to someone?
Click on your User Name to go to your Settings.
Select the Studio Tab.
In the Members section, enter an Email address or User Name.
As a Data Artisan, how can I tell how many Memberships I have to distribute?
Click on your User Name to go to your Settings.
Select the Studio Tab.
Find "Memberships available to distribute" in the Members section.
How can I purchase additional Memberships?
Please contact Sales@Alteryx.com.
What applications can be added to a Collection?
Only applications published in the Data Artisan's Studio may be added to a Collection. Applications in the Data Artisan's Studio may also (at their discretion) be shared in the Public Gallery. However, applications in the Public Gallery that were published from other Studios cannot be added to a Collection.
Can an application be added to more than one Collection?
As a Data Artisan, do I also need a Membership?
No, Data Artisans are also Members.
I am a Data Artisan or Member. I want to run an application shared with me from a different organization. Do I need a Membership from that organization? No. A single Analytics Gallery Membership entitles you to run private applications shared from any Collection.
As a Data Artisan, how can I add another Data Artisan to my Studio?
Please contact email@example.com for assistance.
My organization has more than one Data Artisan. Who controls the distribution of Memberships?
At present, all Data Artisans have equal access to Membership distribution under Studio Settings.
What types of users can be added to a Collection?
Data Artisans, Members, and Viewers can all be added to a Collection. You can even enter the email address of someone who has not yet visited the Analytics Gallery.
Can a Viewer who is added to a Collection run the applications in the Collection?
Only those applications in the Collection that have also been shared in the Public Gallery by the Data Artisan can be run by the Viewer.
What types of users can run private applications in a Collection?
If an application in a Collection has not been shared in the Public Gallery, Viewers (who have been invited to join the Collection) can view the application, but cannot run it. Only Data Artisans and Members can run the application.
How can I find users to add to a Collection?
Select the Collection and use the Search Users field on the right. Any registered users of the Analytics Gallery that match your search terms will be returned.
Additionally, you can add someone who has not registered with the Alteryx Analytics Gallery by entering a valid email address. An invitation will be sent.
Is there a limit to the number of applications or users I can add to a Collection?
When I add a new application to a Collection, are the users in that Collection notified?
Can I allow users within my Collection to share it with others?
Each Collection includes a checkbox on the upper right that states "Other users may share this collection." When this box is checked, anyone in the Collection will have the ability to add other users to the Collection.
The Data Artisan who created the Collection will see the names of any additional users who are added to the Collection, and can remove them.
I published an application and shared it in a Collection (or in the Public Gallery). Since then, I have made changes to the application in the Designer Desktop. Can I update it? First, select the original version and delete it. Next, re-publish the application and add it to your Collection (or to the Public Gallery)
How can I share an application in the Public Gallery?
Click on the name of an application to view the application details page. Click the Sharing button and choose "Place in Public Gallery."
How can I remove an application from the Public Gallery?
Click on the name of an application to view the application details page. Click the Sharing button and choose "Remove from Public Gallery."
How can I share an application through email or social media?
(Public Gallery applications only) Click on the name of an application to view the application details page. Click the Sharing button to share via email, Twitter, Facebook, and Google+.
What is "private data?"
A license of the Alteryx Designer Desktop may include a variety of private data sets, including demographic data, psychographic data, business list and consumer list.
Can I publish applications using private data?
Yes, applications using private data can be published in your private Studio and can be shared in Collections. They cannot be shared in the Public Gallery.
What data is allowed in the Public Gallery?
Please see Alteryx Analytics Gallery Data Inventory
What capabilities in the Designer Desktop cannot be used in the Analytics Gallery?
The following tools are prohibited in applications published in the Analytics Gallery.
Run Command tool
Run Command event
R tool (Macros included in the Designer Desktop that use the R tool are permitted.)
Send Email event
I built an application that uses a prohibited tool in a safe manner. How can I apply for an exemption?
Email firstname.lastname@example.org and explain how and why each prohibited tool is used, along with the general purpose of the application.
Publish the application in your Private Studio and check the box "Others may download this application."
Add the application to a Collection and share it with email@example.com.
Your application will be reviewed and an exemption may be made to allow it to be run.
What tool configurations or question types cannot be used in the Analytics Gallery?
Input and output files referenced by Tools must be in the same directory as the application.
The application Question type "Folder Browse" cannot be used in applications published to the web.
In the application Question type "File Browse," the "Save As Dialog" configuration cannot be checked.
Application results (under analytic application properties) cannot include Browse tools.
Are there limits to the file size of applications and/or data published in the Analytics Gallery?
Yes, applications and data are limited to 100MB.
What are my options if I want to publish an application and data that exceed 100MB?
Please use the Cloud Connector tools within the Designer Desktop to host your data on the cloud.
Are chained applications supported in the Analytics Gallery?
At present, chained applications are not supported.
I forgot my password. How can I reset it?
Click Sign In and click the Forgot Password link. Enter the email address associated with your account and a new password will be emailed to you.
Can I download an application?
Yes, many applications can be downloaded. View application details and click the Download button. Use the Alteryx Designer Desktop to open the *.YXZP files that are downloaded. Go to Designer Desktop Free Trial to get started if you're not already an Alteryx customer.
I need help with my account. Who should I contact?
Please log a case at www.alteryx.com/community.
I found a bug on the Analytics Gallery or in an application. Who should I contact?
Please log a case at www.alteryx.com/community.
How can I purchase additional Memberships, Data Artisan accounts, or extend my subscription?
Please contact Sales@alteryx.com.
How can I recommend a feature for the Analytics Gallery?
Please send your feedback to GalleryFeedback@alteryx.com.
Where can I connect with other Alteryx users to ask questions and learn about best practices?
Who is the better captain, Kirk or Picard?
Schedules Disabled - Logon Failure the User has not been Granted the Requested Logon Type at this Computer
A change in Run As credentials or workflow credentials needed can lead to the user(s) loosing access to his workflows.
When clicking on a workflow the below error appears.
Error: Logon failure: the user has not been granted the requested logon type at this computer. (1385)
Apps appear in state 'disabled'
When trying to access apps the above error message appears
Product - Alteryx Server with set up gallery environment
This error occurs when the Run As User credentials or the workflow credentials do not have sufficient permissions on the server. More specifically, 'Allow log on locally' or 'Log on as a batch job' group policy permission are required for the user to log onto the server. If neither is granted to user the above error appears.
Check that that Run As credentials are set correctly. Refer to Help doc page https://help.alteryx.com/server/current/admin/index.htm#Configuration/RunasPermissions.htm.
Specifically, 'Allow log on locally' or 'Log on as a batch job' group policy permission are required.
Platform Product: Server/Gallery/Scheduler Issues – Working with Alteryx Customer Support Engineers (CSEs) (for use by CSEs and Alteryx Customers)
To EXPEDITE the resolution of your case, please include the below information.
Server/Gallery/Scheduler- Requested Information
*** Suggestion: Copy/Paste the questions below and email to firstname.lastname@example.org
1. Detailed description of the Issue
2. Is this a Production Issue? What is the urgency?
3. Have there been any changes made recently? Update to Alteryx, Server, etc.?
4. Alteryx Version
5. Screenshot of Error
6. Gallery/Service/Engine Logs
7. Runtime Settings.xml
8. Check for LastStartupError.txt file (may not be there)
9. Screenshot of System Settings
10. Windows Event Logs
11. System Info – File Save - .nfo
Server/Gallery/Scheduler – Requested Information (Detailed Instructions):
1. Detailed Description of the Issue – What issues are you having? Has it worked in the past? When did the issue start? Are all users affected or just some? What are the steps to reproduce your issue? What have you tried to resolve the issue? Have you searched the Alteryx Community ?
2. Is this a Production Issue? What is the urgency? How many people is this affecting? Are you able to complete most of your work? Do you have a time frame that you need to resolve the issue?
3. Have there been any changes made recently? Update to Alteryx Designer, Server, etc.? What do you think may have caused the issue? What have you done to try to resolve the issue?
4. Alteryx Version – Our Customer Support Engineers need to know the precise version so we can replicate any issues. In Alteryx, click Help > About and provide a screenshot, or the exact version number.
5. Exact Text of Error or Screenshot of error- Click CTRL-Print-screen to capture the error and paste into your e-mail. Note: You may wish to Google the error text research the issue. The Knowledgebase is also a great place to search the error text as well! Where was the error encountered? Gallery?
6. Gallery, Service and Engine Logs are the best way for us to get to the root of the problem. We look at errors and warnings. For the Alteryx logs (Gallery, Service, and Engine), please include the logs that reflect the time of the error/crash (the logs immediately before and after the error/crash). Before sending the logs, recreate the issue, and then send the latest logs. Use Alteryx App - Server Logs the easy way! OR…
Default Paths: Gallery Logs (\ProgramData\Alteryx\Gallery\Logs) Service Logs (\ProgramData\Alteryx\Service\AlteryxServiceLog.log) *** Send several .log files. Engine Logs (\ProgramData\Alteryx\ErrorLogs)
If you have Server, and do not have logs in the pathways above, click Options >> User Settings >> System Settings, and note the paths that the logs are written to. Navigate to that location and collect the logs. If the path is not yet set, pick a path, rerun the workflow to create the error, and then send the logs.
Locating the path of your Engine logs:
Note: it’s important to note that by default Engine logs do not generate, therefore this field will be empty for most users. If a user wants to enable Engine Logging, then they will need to set a directory of their choosing in this field.
Locating the path of your Service logs:
Locating the path of your Gallery logs:
If you aren't using Server, you're probably using a Desktop Automation/ Scheduler installation that has logs located in C:\Program Data\Alteryx\Engine. However, if you have Desktop Automation/ Scheduler and do not have logs in this pathway, click Options >> User Settings >> System Settings, and note the paths that the logs are pointed to. Then locate and send the logs.
If the path is not set yet, pick a path, rerun the workflow to create the error, and then send the logs. If there is not a directory, check "Override System Settings", and enter a path for “Logging Directory." Rerun your workflow to create the error and send the new log files.
Check out this resource for more information on Alteryx logs!
7. RuntimeSettings.xml – This file gives us helpful information about your specific instance configuration and the default location will be in the directories shared above, unless you have a custom installation. You should have a RuntimeSettings.xml file, even if it is not in the default directory, and should be able to recover it for sharing with a disk search of the file name.
File Location: C:\ProgramData\Alteryx\RuntimeSettings.xml
Note: This search will find two RuntimeSettings.xml. One will be from the Program Files Directory. We do not want this file, only the one from C:\ProgramData
This file outlines the configuration of your Server and will provide Support critical information on how the node is configured. In a multi-node environment, we will need this file from each node. This file will only exist for Server installations and Desktop Automation/Scheduler installations. Regular Non-Admin Designer installations will not have this file available.
8. Check for LastStartupError.txt file
This file will be in the same path as set in the System Settings: Controller >> General >> Logging
Default is: C:\ProgramData\Alteryx\Service
May contain helpful messages to identify your issue.
9. Screenshot of System Settings – Click Control Panel >> All Control Panel Items >> System. We need your system settings to replicate issues you are having on a similar configuration.
This information in conjunction with the RuntimeSettings.xml will help Support be sure that your Server is properly configured for the amount of resources that are available.
10. Windows Event Logs (Optional)- Event logs provide historical information that can help you track down system and security problems. Provide System and Application logs in evtx format.
From the Windows Start menu, search for “event” and choose Event Viewer.
Expand the Windows Logs and right-click on ‘Application’ and select ‘Save All Events As…’ and save as *.evtx file
Right-click on ‘System’ and select ‘Save All Events As…’ and save as *.evtx file
11. System Info - Records events logged by the operating system or its components, such as the failure of a service to start at bootup. System Information shows details about your computer's hardware configuration, computer components, and software, including drivers.
System Information will provide Support with the detailed specifications of your Server that will be very helpful when troubleshooting complex issues. This will provide us with information about the Services that are running, specific information around the CPU and memory of the system, available drive space, and other information that can be very useful for identifying potential problems.
Click Start and in the Search Programs and Files Field, type msinfo32.exe. Click File >> Save and save as .nfo file.
Alteryx Server Knowledge Base Alteryx Server Backup & Recovery Part 1: Best Practices
Alteryx Server Backup & Recovery Part 2: Procedures Analytic Gallery FAQ's Alteryx Gallery Series - The Lay of the Land 101: Gallery Admin Edition
Server licensing and scaling is getting an update! In the past, server scaling has been handled by two separate products: the Alteryx Server Additional Node and the Alteryx Server 2 Core Add-On. Alteryx Server Additional Node allows for horizontal scaling by licensing separate worker nodes which report to a controller, while Alteryx Server 2 Core Add-On allows for vertical scaling by enabling more computing power on the controller machine. These two separate products to scale server can cause friction for our end users, License Administrators, and IT Administrators alike as the scaling needs of the organization change. To better enable scaling, we're cleaning up our products and removing the friction with the Alteryx Server Additional Capacity product.
How Does It Work? The new Alteryx Server Additional Capacity license will act as both a 'base' and an 'add-on' license. This means that during the activation process, the Alteryx Server Additional Capacity license will identify if there is already an Alteryx Server license present, if an Alteryx Server license is being activated simultaneously, or if no Alteryx Server licenses are present. If a Server License Key (Alteryx Server, Alteryx Server Sandbox, or Alteryx Enterprise Server) is activated before or alongside the Alteryx Server Additional Capacity License Key, the Alteryx Server Additional Capacity license will act as an add-on and license two additional cores on the box. If the Alteryx Server Additional Capacity license is being activated alone, the product will act as a 'base', allowing the licensed machine to function as a worker node. How many cores does the Alteryx Server Additional Capacity license? One seat on the Additional Capacity key will license 2 cores. This applies to either scenario, whether the key is acting as a base product or as an add-on. The key will also automatically activate as many seats as needed to completely license the machine during the initial activation. What versions of Alteryx will the Alteryx Server Additional Capacity key work on? The Alteryx Server Additional Capacity key will work for versions 2019.2 or newer of Alteryx. If you are running a version older than 2019.2 and have been provided this product, reach out to the Fulfillment team (email@example.com) to exchange the license key for the equivalent legacy product(s). Can I apply multiple seats on the same key or multiple unique keys of Alteryx Server Additional Capacity to the same Server? Yes! When activated, the Alteryx Server Additional Capacity product will identify how many cores are on the controller, and apply as many as needed to fully license the machine. If the number of cores available on the Alteryx Server Additional Capacity is unable to match the number of cores on a machine, the Additional Server Capacity license will activate as many seats as are available. For example, if you have an 8 core worker machine and only 2 seats on the Alteryx Server Additional Capacity key, both seats will be activated to license the device for 4 cores. Will the Alteryx Server Additional Capacity key retroactively replacing existing License Keys? We have no plans to replace the Alteryx Server Additional Node or Alteryx Server 2 Core Add-On License Keys from existing orders. However, all future orders that contain a server scaling product will be licensed with the Alteryx Server Additional Capacity product. All previously purchased server scaling products will continue to work on any version past 11.7. If you would like to upgrade to 2019.2, your previously purchased keys will have no trouble migrating. When is this product going to be available? The Alteryx Server Additional Capacity product will be launched and available for order with the release of 2019.2. Got another licensing question? Check out this community article! If your question not answered there, please reach out to the Fulfillment Team (firstname.lastname@example.org)!
How To: Modify Gallery Session Timeout
This article shows how to modify the session timeout for the Gallery. A session timeout specifies the number of minutes that a Gallery session can remain idle (inactive) before the session will be terminated. The default session timeout value is 60 minutes. When the session timeout occurs the user will be returned to the Sign In page:
Note: This setting applies to Built-in or SAML authentication only. When using Integrated Windows authentication Alteryx does not enforce a session timeout as the user has a valid Windows session.
Authentication Type: Built-in or SAML
If you have a multi-machine Server environment, the following steps should be performed on the Gallery node(s) only.
Open Windows File Explorer and navigate to %PROGRAMDATA%\Alteryx\.
Create a backup of the RuntimeSettings.xml file.
Open the RuntimeSettings.xml file in an editor and add the following line in the Gallery section:
Example RuntimeSettings.xml file with a 20 minute session timeout.
Save the file and restart the AlteryxService.
Gallery System Settings
Alteryx Server System Settings Deep Dive - Engine
This is the first in a series of articles to explore the Alteryx Server System Settings in depth to gain a deeper knowledge of what these settings are used for, and to provide a bit more context to help you determine the appropriate settings for your environment. Every organization's deployment, use cases, and business requirements are different and thus there is no single configuration to fit all. Having an understanding of the implications of each setting is vital in setting up your Alteryx Server for success.
We’ll explore the system settings for Alteryx Server as of 2019.2, through a series of articles for each component, starting with the Engine. The Alteryx Engine consumes Alteryx workflows and provides high-speed data processing and analytics functionality. This process can be entirely self-contained in Alteryx Designer, scaled across an organization by the Alteryx Service, or deployed in the cloud by the Alteryx Gallery.
The Alteryx Server System Settings configuration wizard allows end users to modify the Engine configuration settings:
Any changes to the configuration settings in the System Settings wizard are applied to the RuntimeSettings.xml file, found at:
Note, this file should never be modified through an editor unless specifically requested from Alteryx Customer Support.
A few of these settings are self-explanatory and sufficiently described in the Help. However, many of these can often be confusing, and some have performance implications that aren’t well understood. The subsequent sections will dive into these settings in more detail.
“The Engine Temporary Directory is the place where temporary files used in processed workflows and apps will be placed. This setting should point to a location that is safe to write large amounts of files.”
The Engine Temporary directory is a parent directory in which each workflow executed creates a sub directory for storing data needed during the processing of the workflow. Below is not an exhaustive list, but includes the most common types of data stored in the Engine temporary directory:
Browse Tool Support - Every Browse Tool in the workflow creates a separate Alteryx Database file (.yxdb) that stores the contents of the data you see in the Browse’s Results and Configuration windows. The Browse Tool allows you to view all the data as opposed to a sample, and therefore the created .yxdb files could be quite large if the data sets being processed are large. Therefore, the number of Browse Tools should not be prolific. NOTE: The temporary .yxdb files are only created when an Alteryx Workflow is run in Designer. When workflows are executed through the Gallery or a schedule, browse tools are disabled.
Browse Everywhere Support – The Browse Everywhere features allows you to click on the output anchor of a given tool and see a sample of the data at that point in the workflow. All the data viewable in the various output anchors across a workflow is stored in one Alteryx Browse Everywhere file (.yxbe). The size of this file is determined by how many tools are in the workflow multiplied by the “Memory Limit Per Anchor” size which will be discussed later in this article. NOTE: The temporary .yxbe file is only created when an Alteryx Workflow is run in Designer. When worfklows are executed through the Gallery or a schedule, Browse Everywhere is disabled.
Tool Specific Support – Some tools create temporary files as part of their processing, for example the Download and Spatial Match tools.
Paging / Swap Space – When the Engine's memory processing requirements exceed that of the “Default sort/join memory usage” setting (covered later in the article), temporary files (.tmp) are created to retain data that can be quickly retrieved later. The number and size of these temp files is determined by the size of the data sets being processed, and the types of tools in the workflow. The Engine 101 Basics blog does a great job of describing how certain “blocking” tools need access to all rows of a dataset to process it. The presence of these blocking tools will drive up the likelihood that the Engine will need to use temporary files to complete its processing.
Example Engine Temp directory for a running workflow where the files described above are evident.
These files are all deleted when the workflow processing is complete. For a Designer user, this means when the Workflow is closed or upon initiating another execution of the Alteryx Workflow in Designer. For a Server user, this means upon completion of the workflow execution. Note, the Engine Temporary Directory is used when running workflows from Alteryx Designer. When running on an Alteryx Server, the Worker’s “Workspace” directory is used to store these temporary files.
It is highly recommended to set the Temporary Directory to a different drive than your system boot drive (C:\). If the C:\ drive on Windows fills up, the system can become unresponsive or even unstable. If an additional drive (D:\) fills up, no harm is done to Windows and the system will remain functional.
The Temporary Directory is used for frequent I/O operations to read and write data. Configuring this directory on Flash/SSD storage is a great way to improve performance by minimizing the wait times for those read & write operations to complete. See the Measuring and Scaling a Private Server blog post for more information.
When running in Designer, minimize the use of Browse Tools when working with large data sets to reduce workflow processing times and keep the Temp directory from filling up.
Understand that temporary directories can grow quite large during processing if working with large data sets and doing lots of sorts, joins, or other blocking operations. As an example, we saw a temporary directory grow over 150GB in size processing a 12GB data set. Your mileage will certainly vary based on data set sizes and tools used.
Memory Limit Per Anchor
“Define the maximum amount of memory to use to consume data for each output anchor for tools in a workflow. The default value typically does not need to be changed.”
This setting applies when running in Designer only as mentioned in the Browse Everywhere section. The Browse Everywhere feature allows a user to see a sample of the data (up to Memory Limit Per Anchor in size) at the output anchor of every tool. The default value is 1024 KB (1MB).
This workflow would produce a .yxbe file of approximately 12MB.
This is a great way to analyze your data without using the Browse tools which will write the entire dataset contents to disk.
A sample of the data can be seen in the output anchor of each tool.
In the event of the Temporary Directory not having enough space to create the .yxbe file, the following will be logged:
Warning - Alteryx: Disk space on temp drive running low. No browse everywhere data created.
Keeping the default Memory Limit per Anchor setting makes sense for most scenarios.
In situations where you are building a workflow with a very large data set, and the 1 MB sample just isn't enough to give you the information you need, but the full Browse tool is too heavy, it might make sense to increase this value. However, make this change on the local Designer (laptop/desktop) and not the Server which is used by many end users. This change can be made in Designer under Options -> User Settings -> Edit User Settings:
Designer users can override the Memory Limit per Anchor in the Advanced User Settings.
Default sort/join memory usage
"This is the minimum amount of memory that the Engine will consume while performing operations such as Sorts and Joins within a workflow or app. Generally, this value should not be changed.”
The Engine "Default sort/join memory usage" setting and the Worker “ Maximum sort/join memory usage ” setting have generated a lot of questions that I hope this section clears up. There are three key points to clarify:
If making changes, the Engine "Default sort/join memory usage" is the setting that should always be specified and what we'll focus on in this article. For Designer users, this value can be specified in the Options --> User Settings --> Edit User Settings wizard: The Default Dedicated Sort/Join Memory Usage setting
This setting is both a minimum and a maximum.
It's a minimum in that this amount of memory will be "committed" to each Engine process (running workflow) regardless of how much memory the Engine actually consumes processing the workflow. Therefore this amount of memory is reserved for each Engine process and not usable by other applications.
It's a maximum in that the Engine process will not consume more memory than this value. If the Engine needs more resources than the setting specified, it will start utilizing the temp (swap) space as described earlier. If the workflow launches additional processes, such as from the Run Command tool, or R by the use of Predictive Tools, those processes are NOT controlled by this setting.
Other processes are not controlled by the Engine Default Sort/Join Memory Usage setting
The setting is not specific to Sorts and Joins. As described in the Engine 101 Basics blog, “blocking” tools require access to all data for execution. This drives up memory consumption. Sort, Join, and Summarize operations are the most commonly used blocking tools but there are many others, easily identifiable with a red border in the Periodic Table of Alteryx Tools . Any workflow executing these blocking tools with high row count data sets (millions of rows) will consume lots of memory.
If the Sort/Join memory setting requested exceeds the amount of physical RAM available, Alteryx will revert to a lower value that is safe to commit. In that case a message like the following will be logged in the Alteryx Engine logs: 00:00:0.003 - Alteryx: Allocating requested dedicated sort/join memory would be more than available physical memory. Reverting to 2912MB of memory.
Only make changes to the Engine "Default sort/join memory usage" setting if necessary. The default value works well for most scenarios, and we routinely see problems occur when this value is changed without understanding when and how to configure it.
The below recommendations are just starting points. It is always recommended to configure and then test with representative workflows and usage patterns. Then reconfigure and repeat the process until the optimum values are identified.
To properly calculate a reasonable Sort/Join Memory value, we must know how many workflows will be configured to run simultaneously. This number should be determined by a server sizing exercise, and for existing customers, also take into account data from the Server Usage Report, such as queue times and job execution times. For Designer only users the number of simultaneous workflows will be 1.
For non-predictive workflows, a good starting point would be: The 4GB reservation ensures the OS and other system services are not starved of memory. If the machine will also be supporting the Gallery and Controller, then that reservation should be increased to at least 8 GB.
If the predictive tools will be used then additional memory should be reserved for the R processes. In that case a good starting point would be:
The expectation is that the machine will only be used for Alteryx processing and not shared with other applications. If other applications will also be running, then their memory requirements need to be factored into the equations above.
Again, the above recommendations are just starting points. It is always recommended to configure and then test with representative workflows and usage patterns. Then reconfigure and repeat the process until the optimum values are identified.
Default number of processing threads
“Define the number of processing threads tools or operations can use. The default value is the number of available processor cores plus one. Generally, this value should not be changed.”
This setting is determining the number of processing threads that multi-threaded tools can use. The multi-threaded tools are identifiable in the Periodic Table of Alteryx Tools . (Sort and some Spatial tools highlight the list). Configuring a higher value here may facilitate more parallelism which may result in faster completion times in the execution of these multi-threaded tools, assuming the machine has the capacity to use the specified number of threads. Specifying a higher than needed thread pool size can lead to an over-committed system in which the CPU is constantly context switching between threads which may produce longer processing times.
In Windows Task Manager, the "Logical processors" metric shows us the maximum number of concurrent processing threads on that server:
To reduce workflow run times using multi-threaded tools, set the Default number of processing threads equal to the number of Logical processors.
If the server will be executing multiple workflows simultaneously, consider using a lower value to ensure that no workflows are starved of CPU.
Run engine at a lower priority
“Select if you are running other memory intensive applications simultaneously. It is also recommended that this setting be checked for a machine configured to run the Gallery.”
The Windows Scheduling Priorities doc is a great resource to understand why this setting is important. To summarize, Windows assigns time slices of CPU time to processes based on their priority level. Applications with a higher priority will be given more CPU time than applications with a lower priority. This ensures higher priority applications get more processor time when the system is heavily utilized.
Most applications default to “Normal” priority. Some critical Windows processes have a “High” priority, such as the logon and desktop window manager processes. Alteryx installs all Server components (AlteryxService, Gallery, Designer, etc…) with the “Normal” priority. By default, this includes the Engine as well. This could lead to a scenario where resource intensive workflows are running, and the Alteryx Service layer, the Gallery, or even Designer are struggling to get CPU time since they all share the same priority level. This also could inhibit mouse & keyboard inputs, and background disk flushing.
Running the Engine at a lower priority will allow these components to remain responsive even during periods of heavy workload processing.
This setting should be enabled in all Server deployments (Controller, Worker, Gallery) to ensure Windows components, and the Alteryx Server components always get priority over intensive Engine processes.
The Alteryx Engine has many settings that can impact workflow performance and resource consumption. Understanding how each of these settings are used by the Engine, and how some settings even impact others, will allow administrators to configure Alteryx Server optimally for their environment and usage.
Issue: Alteryx Service will not Start and LastStartUpError.txt contains "No suitable servers found: `serverSelectionTimeoutMS` expired: [connection refused calling ismaster on 'localhost:27018']: generic server error" code: <mongodb:13053>
By Default, the LastStartupError text file can be found at C:\ProgramData\Alteryx\Service
Error Code: No suitable servers found: `serverSelectionTimeoutMS` expired: [connection refused calling ismaster on 'localhost:27018']: generic server error" code: <mongodb:13053>
Product - Alteryx Server
Check the mongod.lock file is > 0KB in size
Identify where the MongoDB is installed from the Alteryx System Settings under Controller > Persistence > Data Folder
Navigate to that folder in Windows File Explorer
Confirm the size of mongod.lock
Alteryx Server had an unclean shutdown.
If the mongod.lock file does have data inside (1KB usually), we recommend to first backup your persistence database (in case of corruption) before proceeding. Alternatively, in step 1 below, rename the file instead of deleting if you do not have a backup.
Delete/rename the mongod.lock file
e.g: mongod.lock renames to mongod.old
Right-click on a blank space in the window and select New > Text Document
Alternatively, if you do not have this option you can create a new text file in Notepad and save the file into this directory. If you run into issues saving into this directory directly, you can save the file to your Desktop and then move into the folder where MongoDB is installed
Name the document mongod.lock
Make sure that File Extensions are visible, otherwise this file will actually be mongod.lock.txt
Open a Windows Command Prompt and navigate to the \Alteryx\bin directory
e.g. cd "\Program files\Alteryx\bin"
Start up the MongoDB service just to make sure everything is clean:
mongod --dbpath "folder path from system settings" --auth --port 27018
With an unclean shutdown it may take a few minutes to reallocate the data. Look for a line that says "Waiting for connections on port 27018" When it appears, hit CTRL+C on your keyboard to shutdown the service.
Start up the AlteryxService. This can be done via:
Command Prompt with: sc start AlteryxService
From the Services window
Next Steps if the Mongod.Lock file was empty (0KB)
Open a Windows Command Prompt and navigate to the \Alteryx\bin directory
e.g. cd "\Program files\Alteryx\bin"
Run the AlteryxService in test mode to identify the actual error AlteryxService test
If you are unable to easily identify what is causing the error, send the service log files (path found in System Settings->Controller->General) to Alteryx Support
Workflows being run on Gallery or Scheduler return with an error Access is Denied for various file types.
The Alteryx Server is not able to perform expected actions (Signing into Gallery, Service unable to start, etc.). The Service or Gallery logs reference that the Service is unable to open/read specific files with Access Denied.
This issue has multiple potential causes, all related to permissions:
The Run As account does not have permission to dependency or file being referenced.
The Alteryx Service account does not have permission to dependency or file being referenced.
The Alteryx Service account does not have the proper permissions required to run the Alteryx Service.
Isolating the Run As Account
A workflow being run on the Server will run as whichever account is set up in either workflow credentials, the Worker Run As, or the Alteryx Service Account. The account in workflow credentials will take priority, followed by the Worker Run As, and then the Alteryx Service Account. For more information on Server Run As accounts and permissions, see this article.
To check the accounts being used at each level, look in the following locations:
Workflow credentials are established on Gallery Admin’s page under Workflow Credentials.
The Worker Run As account is set under Alteryx System Settings > Worker > Run As.
The Alteryx Service account can be found under Services (please see Isolating the Service Account to find which account is running the Service).
A quick test to see if the Run As account will have access to the proper dependencies is to log into the Worker node of the Server as the Run As account, open and run the problematic workflow in Designer.
If the Run As account does not have access to certain locations that should seem accessible by the Server, please go to Solution A.
Isolating the Service Account (error returned from workflow execution)
If workflow credentials are not enabled and there is no Worker Run As account, the Server will run workflows on the account outlined by the Alteryx Service. To find the account that is running the Alteryx Service please follow the steps below:
1. Open Services (Windows menu -> Run -> services.msc)
2. Find Alteryx Service; Right-click on the service and select Properties. Click the Log On tab.
If the Alteryx Service account does not have access to certain locations that should seem accessible by the Server, please go to Solution A.
By default, the Alteryx Service account will be run as the Local System. The Local System account normally has pre-determined permissions. More information on the Local System, see this article.
If the Local System Account does not have access to certain locations that should seem accessible by the Server, please go to Solution B.
Isolating the Service Account (error found in Service logs)
When reviewing the Service or Gallery logs, if the Service account does not have access to required folders and/or files, there will be an Access Denied error. An example is below:
Exception caught by ErrorHandler and marshalled to Client,"Alteryx.Cloud.Common.Exceptions.ForbiddenException: Access denied
If receiving the above error, please go to Solution B.
If the Run As account does not have the proper permissions to access a dependency, either grant the appropriate permission to the account for the dependency or change the Run As account to an account that does have permission.
If Service or Gallery logs are displaying Access Denied, ensure that the Alteryx Service account has all the required permissions needed to run the Alteryx Service.
If the Alteryx Service account is set to Local System, please work with IT to enable more permissions for the Local System or assign a Service account to the Alteryx Service that can have all the required permissions.
Workflows have moved to a different Private Studio
This is a hidden feature designed to allow workflows to be moved between studios. It's a holdover from our Public Gallery which is the original base for Alteryx Server.
Workflows disappeared from a Private Studio and are now in another one
Product - Alteryx Gallery
The following conditions being met will result in the workflow moving.
Source studio = free
Target studio = paid
User is last one in source studio
User is moved to target studio via access key (admin or user invoked)
All workflows move with the user regardless of ownership
There is no way to reverse the move of these workflows. The best defensive measure is to take regular backups of MongoDB, as restoring the database is the only way to revert the change.
Alteryx Server Backup and Recovery: Part 1
How To Deactivate Users on Gallery (An Alternative to Deleting Users)
If Gallery Admins would like to rescind access for specific Users on a Gallery, two methods are recommended. Deleting Users from Gallery is not supported and there is no Admin option available to delete Users entirely. The options outlined below will deactivate or revoke access.
Product - Alteryx Server
Procedure A: Built-In Gallery
1. Navigate to the Subscription page under the Gallery Admin portal -> Subscriptions. Add a new subscription, specific for Deactivated Users.
2. Add the User to the subscription by click either the Add Artisan or Add Member button.
3. Navigate to the Users page under Gallery Admin portal -> Users. Change the role of the User to No Access.
**To see the 2018.4 version layout, select the Profile Button on the User. To revoke access, switch the Active button to No.
Procedure B: Windows Authentication Gallery
1. Navigate to the Subscription page under the Gallery Admin portal -> Subscriptions. Add a new subscription, specific for Deactivated Users.
2. Add the User to the subscription by click either the Add Artisan or Add Member button.
3. Navigate to the Permissions page under Gallery Admin portal -> Permissions. Search for the User and choose No Access.
SAML (Security Assertion Markup Language) is a standardized way for exchanging authentication and authorization credentials between different parties. The most common use for SAML is in web browser single sign ons. Starting in 2018.2, Alteryx Server supports SAML. So far, SAML in Alteryx Server has been specifically validated on two providers; Ping One and Okta. In this article we will review how to configure SAML on your Alteryx Server for PingOne.
Issue When binding a certificate to an SSL port as detailed in this article, you may run into one of these 2 common errors: The parameter is incorrect. SSL Certificate Add Failed, Error: 1312 A specified logon session does not exist. It may have already been terminated. Environment Alteryx Server Cause If you are getting the message that "The parameter is incorrect," the certhash likely contains hidden characters that were inadvertently copied from the certificate's thumbprint. In the above screenshot, note the '?' at the beginning of the certhash which is causing the issue. If you are getting Error Code 1312, the certificate you are attempting to bind likely does not contain the private key. Diagnosis If you are getting Error Code 1312, you can determine if the certificate you imported contains the private key by looking at its icon in MMC. Icon only shows a certificate. The private key needs to be added. Icon includes a key. While your icon may be slightly different, the presence of a key means the private key is attached. Solution A (Incorrect Parameter) Copy the command into notepad Save As ANSI Re-open the file Remove hidden characters Re-try the command Solution B (Error 1312) Create a .pfx file with your certificate and key file using the following command (replace pfx, key, and crt filenames as appropriate): openssl.exe pkcs12 -export -out ServerName.pfx -inkey ServerName.key -in ServerName.crt Remove the previously imported certificate from MMC Follow the instructions in this article beginning with the "Installing the Certificate" section Additional Resources Configuring Alteryx Server for SSL: Obtaining and Installing Certificates
How To: Enable MongoDB logs in RuntimeSettings.xml
When trying to troubleshoot Server/Gallery issues, it can be useful to gather logs to determine if the cause is with your MongoDB. These steps will show you how to enable Mongo logging.
ALWAYS BACK UP FIRST. Make sure to make a copy of your RuntimeSettings.xml as well as your MongoDB. See this article for Backup & Recovery Best Practices
Stop your Alteryx Service
Open File Explorer and navigate to %PROGRAMDATA%\Alteryx
Open RuntimeSettings.xml in a text editor
Under the Controller section add EmbeddedMongoDBLogPath as a key
Add a directory as the value with .txt file extension.
Start your Alteryx Service and Mongo logs should be generating
The Alteryx Service is unable to start, and/or the Gallery fails to load in the browser.
The message Gallery Service failed to start in a timely fashion can be found in the Server's Service logs.
AlteryxService_LogStartupError: There was an error starting the Alteryx Service <Gallery Service failed to start in a timely fashion, exiting.>
Alteryx Service cannot start.
Alteryx Gallery fails to load.
Alteryx Service starts and then stops after a short time. The Service logs will have an error message of Gallery Service failed to start in a timely fashion.
Alteryx Gallery starts and then disconnects after a short time. The Service logs will have an error message of Gallery Service failed to start in a timely fashion.
The Service is unable to ping the Gallery endpoint. This can happen for a variety of reasons.
The gallery URL is misconfigured.
A proxy is intercepting communication between the Service and Gallery.
Traffic is not being properly routed back to Gallery (e.g. machine is being a load balancer and traffic is not coming back to Gallery).
Isolating a misconfigured gallery URL
The following base URL for Gallery can be configured as:
If this not working, please go to Solution C
2. Machine Name with Fully Qualified Domain Name (FQDN)
If (1) works and (2) does not, please go to Solution A
3. Domain Name System (DNS)
If (1) and (2) works and (3) does not, please go to Solution A
4. SSL Enabled (Compatible with all previous setups)
If (2) and (3) work, but (4) does not work, please go to Solution A
To identify which component is causing the issue, a general recommendation is to downgrade to setup (1) and move up in complication until the issue replicates.
Additionally, a common practice to isolate if the gallery is properly resolving to the correct IP address is to use “nslookup” and “ipconfig /all”.
1. Open a command prompt as administrator
2. Type "nslookup gallerywebsite.com"
**Do not include http:// or https://
The Domain Name Server and its IP address of the address that is provided (the gallery URL) will be listed
3. Type "ipconfig /all"
The Domain Server Name information and the IP address of the current machine will be listed.
If these do not match up, then this can be a source to begin troubleshooting.
Isolating a proxy
Generally, IT or the Server Admin will know if a proxy is being used on the Server.
Check cURL environment variables are configured properly.
Go to Solution B if a proxy is affecting your Gallery
Traffic is being properly routed back to Gallery
Generally, IT or the Server Admin will know of any certain setups, such as load balancers, that can affect reroutes. Wireshark traces may be obtained to get more information.
Please go to Solution A if your Gallery URL is being redirected
Check with your IT to ensure that the Server can be recognized on the company’s network or that any third party entities are properly set up (DNS, SSL, etc.)
While we do not support or recommend any specific SSL cert software, please reference the Community article Configuring Alteryx Server for SSL: Obtaining and Installing for details on how to properly sign and bind a certificate to the Alteryx Server.
Ensure that cURL environment variables are configured properly.
Common variables to check that can be the source if the traffic goes to the proxy and does not come back are: http_proxy, https_proxy, all_proxy
localhost can be affected if it is not set as a no_proxy exclusion
To set environment variables please see this article.
If any additional assistance is required, please open a ticket with Alteryx Support through the Case Portal.
SAML (Security Assertion Markup Language) is a standardized way for exchanging authentication and authorization credentials between different parties. The most common use for SAML is in web browser single sign ons. Starting in 2018.2, Alteryx Server supports SAML. So far, SAML in Alteryx Server has been specifically validated on two providers; Ping One and Okta. In this article we will review how to configure SAML on your Alteryx Server for Okta.