Alteryx Server Knowledge Base

Definitive answers from Server experts.

'Tis the season to be spooky! Read our new blog, How Spooky is Your City? Mapping and Predicting Scary Stuff. In it, @SusanCS provides a fun glimpse into using data to figure out the creepy quotient of where you live! And don't forget to check out our Digital Costume Thread to get yourself in the mood for a candy binge!

After setting up SAML in Azure, and the client attempts to login to gallery, receive Access Denied - Key issue within AAS.logs
View full article
After installing Alteryx Server as either a full Server or a Worker node, it doesn't start up and no AlteryxService exists in the service list.
View full article
Configure the Gallery SMTP server using a Gmail account
View full article
Configuring SAML on Alteryx Server for Active Directory Federation Services (ADFS)   Alteryx Server has the ability to use most identity providers that support the SAML 2.0 standard, and from my testing, ADFS is no exception! The following information will assist with configuring Alteryx Server to be functional with ADFS.   Please note the following information is based on third-party software and processes may be slightly different on older or newer versions of the software. The following was created against ADFS v4.0 running on Windows Server 2016 and Alteryx Server 2019.2.   Prerequisites   AD FS Server Account with access to perform administration tasks All users that will login must have an email address attribute Alteryx Server >= 2018.2 Account with access to perform administration tasks SSL/TLS Certificate Installed on Alteryx Server (Self-Signed certificate is not recommended)   Procedure   Verify that your Alteryx Server's Gallery function has been configured with SSL/TLS enabled on each Gallery node in the environment and that a proper SSL certificate is installed. Instructions are provided in the link above. This and following steps will require an ADFS administrator. Open the AD FD Management utility (Start > Windows Administrative Tools > AD FS Management) Click Relying Party Trusts from the console, then click Add Relying Party Trust... Click Enter data about the relying party manually and click Next. Type a Display name for the trust. I placed "Alteryx Server" here, but you can use a name that best identifies the connection for you, such as a server name or other easily identifiable name. Then click Next. Click Next on the Configure Certificate page. Check the box for Enable support for the SAML 2.0 WebSSO protocol. Type the URL of the Alteryx Server's SAML endpoint in the Relying party SAML 2.0 SSO service URL box, which typically will be the base URL of Alteryx Gallery with the addition of "/aas/Saml2". Once you have added the proper URL, click Next. Note: this endpoint may be case sensitive depending on settings in your environment. I would recommend entering it with the capitalization as shown in the screenshot and example below. Example: Gallery URL: https://trn-srv-07.cs.alteryx.com/gallery SAML Endpoint: https://trn-srv-07.cs.alteryx.com/aas/Saml2 In the Relying party trust identifier, type the same SAML endpoint as the previous step and click Add to add the URL to the list below. Click Next. Select Permit everyone from the Access Control Policy and click Next. Note: You may wish to configure this option differently depending on the environment and whom you wish to be able to authenticate with Alteryx Gallery, or you may wish to setup Multi-Factor Authentication (MFA). Specific access permissions and these types of setup are outside the scope of this article. Click Next on the Ready to Add Trust page. Check the box next to Configure claims issuance policy for this application and click Close. Within the new Claim Issuance Policy window, click Add Rule...  Verify the Claim rule template is set to Send LDAP Attributes as Claims and click Next. Type a desired name for the rule within the Claim rule name box. From the Attribute store drop-down, choose Active Directory. Using the following table, set the appropriate options within the Mapping of LDAP attributes to outgoing claim types box. Click Finish. Note: The following outgoing values are case sensitive and will need to be typed except for "SAM-Account-Name". LDAP Attribute Outgoing Claim Type E-Mail-Addresses email Given-Name firstName Surname lastName SAM-Account-Name Name ID On the Claim Issuance Policy window, click Apply to apply the settings, then click OK. You will now need an administrator with access to the Alteryx Server machine(s) running the Gallery for your environment. Connect to the machine remotely via Remote Desktop. Open the Alteryx System Settings application, then click Next until you are at the Gallery > Authentication page. From the Authentication Type box, click the radio button next to SAML authentication. In the Select an option for obtaining metadata required by the IDP, click the radio button next to IDP Metadata URL. !Warning!: It is not recommended to change the authentication type once you have established the persistence layer (e.g. MongoDB) and started using a particular authentication method in your environment. Differences in user account structure will be likely to result in errors in the Gallery if the authentication method is changed in an established environment. If you are changing authentication methods, it is recommended to create a new persistence database! From the SAML IDP Configuration box, set the ACS Base URL to the root of the Gallery URL plus "/aas". Example: Gallery URL: https://trn-srv-07.cs.alteryx.com/gallery ACS Base URL: https://trn-srv-07.cs.alteryx.com/aas Set the IDP URL (also known as Entity ID) to the Federation Service identifier value from ADFS. Example: https://sts1.cs.alteryx.com/adfs/services/trust Note: If you are not positive on the value for this, ask your ADFS administrator or download the metadata XML with the link you are using in the next step and look for the "entityID". Set the IDP Metadata URL to the location of the Federation Metadata xml file provided by the ADFS server. Example: https://sts1.cs.alteryx.com/FederationMetadata/2007-06/FederationMetadata.xml Note: If you are not positive on the value for this, ask your ADFS administrator. Click Verify IDP. If all goes well, you should receive a message similar to the following: Note: See the Common Issues section below for tips on troubleshooting! Click Next through the remainder of the System Settings dialogs, then click Finish. (Optional) Return to Step 17 if you have additional Gallery node(s) to configure. Once all Gallery node(s) are configured, attempt to access your private Alteryx Gallery and log in with your fresh new SAML configuration!   Common Issues   AlteryxAuthorizationService.exe has stopped working or there is a failure to set the Default Gallery Administrator -Turn off IE Enhanced Security Configuration on the Alteryx Server if you have crash errors while verifying the IDP information. This feature can be turned back on once you have the configuration in a functional state. https://www.limestonenetworks.com/support/knowledge-center/17/70/how_do_i_disable_internet_explorer_enhanced_security.html -Verify that the values in the SAML IDP Configuration are correct for your ADFS server. -Verify that the ADFS server was configured with the correct claim attributes. -Check the AlteryxAuthorizatonService.exe logging directory (%PROGRAMDATA%\Alteryx\Logs) for any clues. -Open Event Viewer within Windows and look for errors that may be of use in the Application log. -If still stuck, reach out to our Support team. I'd suggest providing the following:     1. Values set in the Alteryx System Settings application for SAML     2. AAS log files (found in %PROGRAMDATA%\Alteryx\Logs\)     3. Configuration screenshots for ADFS    Additional Resources    
View full article
Prevent creation of font file wqy-microhei.ttc in Alteryx temporary folder   With 2019.3+, one could noticed the creation of files Rtmpxxxxxx\wqy-microhei.ttc in Alteryx temporary folder, each time a workflow that contains a predictive tool or R tool runs. Such files are not removed automatically.     Example:     Environment   Product - Alteryx Designer, Alteryx Server with predictive tools 2019.3+   Cause   Alteryx Predictive tools 2019.3, implemented a new way to handle fonts, to help with some particular problems encountered with some languages ( internal reference: DE18722). Fix is based on packages sysfonts and showtext, which uses showtextdb.  Font file wqy-microhei.ttc is loaded automatically when package showtextdb is imported and is never released. This leads to the accumulation of unwanted files.   Solution   I. For standard version of the Predictive Tools:   1. Uncompress attached file fixed_package.zip in %TEMP%. %TEMP% is a Windows environment variable which will be replaced by a value specific to your system. %TEMP% should now contain  a file named showtextdb_2.0.tar.gz             2. Stop Alteryx Designer or AlteryxService has not process should access the library between the change   3. Open a command prompt - as Administrator if you have Alteryx Server or an admin version of Alteryx Designer - standard otherwise   4. Go to R folder in Alteryx distribution (replace %ALTERYXDIR% with relevant value, example cd C:\Program Files\Alteryx\R-3.5.3\bin   cd %ALTERYXDIR%\R-3.5.3\bin     5. Rename library folder   move ..\library\showtextdb showtexdb.old     6. Install patched library. In following example replace %ALTERYXDIR% by Alteryx product installation path. Note that character "/" is used as the delimiter (example: --library="C:/Program Files/Alteryx/R-3.5.3/library" )   r CMD INSTALL --library="%ALTERYXDIR%/R-3.5.3/library" %TEMP%\showtextdb_2.0.tar.gz     7. Start Designer or AlteryxService        II. If Microsoft R is used with Alteryx Predictive Tools:   Following assumes that Microsoft R was installed using default location: C:\Program Files\Microsoft\R Client   1. Uncompress attached file fixed_package.zip in %TEMP%. %TEMP% is a Windows environment variable which will be replaced by a value specific to your system. %TEMP% should now contain  a file named showtextdb_2.0.tar.gz             2. Stop Alteryx Designer or AlteryxService to ensure that no process will access the library during the operation   3. Open a command prompt as Administrator   4. Go to bin folder for Microsoft R   cd "C:\Program Files\Microsoft\R Client\R_SERVER\bin"     5. Rename library folder   move ..\library\showtextdb showtexdb.old     6. Install patched library   r CMD INSTALL --library="C:\Program Files\Microsoft\R Client\R_SERVER\library" %TEMP%\showtextdb_2.0.tar.gz     7. Start Designer/AlteryxService    Additional Resources   Use the title of the target page in the bulleted list, and embed a hyperlink Be sure to set the link to open a new page
View full article
How to check what's using the port and steps for changing some services' default port!
View full article
Everything you need to get started with your own instance of Server!
View full article
Use the following instructions to download and complete installation via the Alteryx installation wizard in v2018.1!
View full article
Now, find all your Server and Gallery questions and answers in one place!  The new Gallery Admin Help Page has your Server Installation Guide, Configuration instructions, and the much-requested Administer Gallery management features - Subscriptions and Studios defined!  Manage your user permissions!  Edit user accounts!   
View full article
Receiving the error below when attempting to schedule a module?   “An error occurred in the scheduler. Server Error: 500 Server Error GetExpectedValue: Expected “Container” but got “Sid” Incorrect type requested 1 actual 4”   Post v10.5 release, your Alteryx Server and working environment must be of the same version in order to enjoy the upgrades of the release and still be able to commit scheduled workflows correctly. When the versions of your worker and server do not match, you’ll receive the error above. While our recommendation is to be using the most up to date release, you can always upgrade or revert your designer version either at our Downloads page (current version) or the Previous Releases webpage. To check on the version you’re using, you can navigate in the Designer to the Help >> About menu.
View full article
Alteryx Server on Azure Prerequisites To work with Alteryx Server on Azure, you will need: An Azure subscription. If you don’t have an Azure subscription, you can sign up for a free trial. Microsoft Remote Desktop (RDP) software. Remote Desktop is used to connect to the virtual machine (VM) running Alteryx Server. An Alteryx Server license. An Alteryx Server installer. Installers can be downloaded from alteryx.com. Select your Windows Server version and VM size Select a Windows Server version and VM size that meets or exceeds the system requirements for Alteryx Server. Take a look at Azure’s VM size table to see what size best fits your needs. Make sure to consider price vs. performance. Larger VMs perform better but cost more.    Step 1: Create a VM   1. Log in to the Azure portal. 2. Click on the Newbutton in the top left.     3. Click on Virtual Machines   4. Choose a version of Windows Server. Select Windows Server 2012 R2 Datacenter if you don’t have a preference.    5. At the bottom of the page, click the Create button.   6. Fill out the required information in the Basicssection of the Create Virtual Machine pane. Click the OK button at the bottom to move on after you’ve filled out the required fields. Name: A name for your VM. User name: A user that will have the ability to RDP into the VM. Password: The password for the above user. Subscription: If you have multiple subscriptions, choose which subscription to put the VM in. Resource group: Resource groups help group together related VMs. Either create a new resource group or place the new server into an existing group of similar resources. Location: Where you’d like the server to be placed. You should select a location that will be closest to your users for optimum performance.   7. In the Sizesection, choose a size that meets the tech specs for Alteryx Server. When ready, click the Select button at the bottom.   8. In the Settingssection, configure the various settings for how you’d like to configure the VM. Generally, you’ll want to leave the defaults in place. For Availability Set select None. Click the OK button at the bottom when done.   9. Review the VM settings in the Summarypane and make sure everything looks correct. Click the OK button at the bottom when ready.   10. Click on the VM once it’s been deployed. Click Settings > Network Interfaces > $INTERFACE > Network security group > Inbound security rules > Addto start adding a new rule to the security group.   11. Add a rule for HTTP access. This will allow installations of Alteryx Designer to talk to the Alteryx Server VM. Give the rule a name and change the Protocol to TCP. It is highly recommended to change the Source setting to be locked down to an IP address or an IP range that you control. When finished, click the OK button. Add more access rules as needed for any other IP addresses or IP ranges. Step 2: Connect to the VM   Click on the Virtual Machinesentry on the left side of the page. Click on the VM’s name in the list. Click on the Connect This will download an .rdp file for Remote Desktop connections. Open the file downloaded in the previous step. If you see a warning that the publisher of the remote connection can’t be identified, click Connect. This will open a new Remote Desktop connection. Enter the user name and password set during VM creation. Step 3: Install Alteryx Server Installing Alteryx Server in Azure is similar to installing on any other server.   Note: If you plan on using a Gallery with Windows authentication, you’ll need to set up Active Directory in Azure. For more information, see Install a replica Active Directory domain controller in an Azure virtual network in the Azure documentation. Download the installer from alteryx.com. Note: The default security policy of Internet Explorer in Azure is set to High. This means that you’ll have to manually add downloads.alteryx.comto your list of trusted sites.   OR Copy the installer from your computer. If you’ve already downloaded the Alteryx Server installer to your computer, you can copy it as you would any other file into a folder on the Azure VM. Double-click on the installer from the Azure VM. This process is the same as installing Alteryx Server on any other computer. Step 4: Connect to Alteryx Server   Activate your license. Get the Controller Token from the Azure VM from the Alteryx System Settings Open port 80 on the Windows Firewall. In Alteryx Designer, go to Options > Schedule Workflow. In the Controllerdropdown, select Connect to Controller... Paste in the DNS name or IP of the Azure VM and the Alteryx Server Controller Token from Step 2.
View full article
Recently, we have had a number of questions regarding SSL certificates, how to install them, and how to configure Alteryx Server to use them. While the Alteryx Server Installation and Configuration Guide does cover enabling SSL for Alteryx Server, it doesn’t cover obtaining a certificate, or how to install that certificate so it can be used by the server.   There are a number of tools and methods you can use to obtain a SSL certificate to use with Alteryx Server.  In this article we will be focusing on using OpenSSL to create a Certificate Signing Request (CSR) to send to a Certificate Authority (CA), generating a self-signed certificate, installing the certificate, and configuring Alteryx Server to use the certificate.   Note: If you don’t have OpenSSL installed on your server you can download a precompiled Win32 or Win64 binary from https://slproweb.com/products/Win32OpenSSL.html. Please keep in mind that OpenSSL is not developed, or maintained by Alteryx. That we have no affiliation with the OpenSSL project, or the provider of this precompiled binary. As such feel free to use which ever implementation of OpenSSL you are comfortable with.   Creating a Certificate Signing Request with OpenSSL:   To generate a CSR, open an administrator command prompt on your server and navigate to the directory containing your OpenSSL.exe and configuration file. From there run the following command:   openssl.exe req -config openssl.cfg -out ServerName.csr -new -newkey rsa:2048 -nodes -keyout ServerName.key   This will prompt you to answer a number of questions related to your organization and the server. You can use the included a screenshot for your reference, but keep in mind the responses should be based on your organization and server information.     This command will create two files in the same directory with a .csr and .key extension. These files will need to be provided to your CA in order to have your certificate created. This can be either an internal CA, or a public CA such as; Verisign, GeoTrust, DigiCert, Entrust, StartCom, etc. The CA will provide you with a signed certificate in return as a .crt, .cer, .pem, or .pfx file.   Creating a Self-Signed Certificate with OpenSSL:   You can also use OpenSSL to generate a self-signed certificate. While this isn’t recommended for production environments there maybe a number of reasons why you would want to create one. Some possible reasons include dev or lab environments, and testing to confirm functionality before purchasing a certificate from a public CA. Regardless of your reason you can do so with the following procedure:   Open an administrator command prompt and navigate to your OpenSSL directory. Once there, run these commands:   openssl.exe req -config openssl.cfg -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout ServerName.key -out ServerName.crt openssl.exe pkcs12 -export -out ServerName.pfx -inkey ServerName.key -in ServerName.crt   The first command generates a signed certificate (.crt file) and private key (.key file). The second command creates a combined certificate and key file in a .pfx format from the generated certificate and key. Please keep in mind you will be asked the same or similar questions as you would if you were generating a CSR. Please reference the screenshots below:       Note: As previously stated we do not recommend using self-signed certificates in production environments.   Installing the Certificate:   Once we have received the signed certificate from the CA or generated a self-signed certificate we need to install it. To install the certificate we need to open a Microsoft Management Console (MMC) to access the Certificates snap-in by following these steps:   Click Start and then click Run. In the command line, type MMC and then click OK. In the Microsoft Management Console (MMC), on the File menu, click Add/Remove Snap-in. In the Add Remove Snap-in dialog box, click Add. In the Add Standalone Snap-in dialog box, select Certificates and then click Add. In the Certificates snap-in dialog box, select the Computer account radio button because the certificate needs to be made available to all users, and then click Next. In the Select Computer dialog box, leave the default Local computer: (the computer this console is running on) selected and then click Finish. In the Add Standalone Snap-in dialog box, click Close. In the Add/Remove Snap-in dialog box, click OK.   Next, we need to actually import the certificate. To do this:   Expand Certificates > Personal Right click on certificates under personal Select All Tasks > Import.     This will open the certificate import wizard.     Click Next       Browse to the certificate file provided by your CA, or the pfx file generated in the self-signing instructions Click Next   If you are using a self-signed certificate, or your CA issued a certificate that includes the private key you will be prompted for the password/phrase. Otherwise this step will be skipped by the import wizard.     Enter the password Check the box to mark this key as exportable Click Next   The next screen will ask to confirm where you want to place the certificate. This should have the Certificate store set to ‘Personal’ already.      Set the Certificate store to Personal if needed Click next On the next screen click Finished   If you are installing a self-signed certificate we need to repeat these steps in order to establish the local server as a trusted authority. To do this install the certificate a second time following the same steps as above. Except this time we are going to install it to the Trusted Root Certificate Authorities store instead of the Personal store. You can do this by expanding Trusted Root Certificate Authorities, right clicking on certificates, and choosing All Tasks > Import, or by changing the Certificate store at the end of the import wizard.       Configuring Alteryx Server to Use the Certificate:   At this point you can follow the detailed instructions in the Alteryx Server Installation and Configuration Guide to complete the configuration. Alternatively (and for completeness), you can continue with these simplified instructions.   First you need to collect the certificate thumbprint for the certificate you installed above. You can do this from MMC > Certificates > Personal > Certificates by right clicking on the installed certificate and choosing open. This will open a certificate dialog for the certificate you installed. From there, select the Details tab and find the Thumbprint field. Copy the value and remove all spaces from it (e.g. ‎74d4ca722e2954cd225f9b4697d2fc7f6747194c).     Next, you need to bind http port 443 to the certificate. To do so, open your administrator command prompt again. Then run the following command, making sure to replace the certhash with the thumbprint value you captured:   netsh http add sslcert ipport=0.0.0.0:443 certhash=‎74d4ca722e2954cd225f9b4697d2fc7f6747194c appid={eea9431a-a3d4-4c9b-9f9a-b83916c11c67}     To check that the binding is correct, you can run the following command:   netsh http show sslcert       Note: When renewing an expired or expiring certificate, you will need to delete the current binding (netsh http delete sslcert ipport=0.0.0.0:443), capture the thumbprint of the new certificate, and rebind the certificate using the instructions above.   For the final step, you will need to configure the Gallery service to use SSL. To do this open Alteryx System Settings and click Next until you reach Gallery > General. Once there find the Base Address section and check the box to Enable SSL. Then click Next, Finished, or Done as appropriate to apply the settings change and restart the Alteryx Service.     Note: The URL must also match the name the certificate was issued to. As such, if the certificate was issued to the server's fully qualified domain name (e.g. hostname.domain.tld), your URL needs to match this by using https://hostname.domain.tld/gallery/. If the certificate was issued to just the hostname, you would need to use https://hostname/gallery/. If the URL doesn’t match the certificate the service will fail to start properly.       Applicable versions: Alteryx Server 10.0 & 10.1 Credits:
View full article