After upgrading MongoDB to version 8, the following error may be shown: 

You are connecting to a sharded cluster improperly by connecting directly to a shard. Please connect to the cluster via a router (mongos).

Resolution

Change the connection port to 27016.

For more information about Stitch and MongoDB, see MongoDB integration summary.

Environment

• Stitch

The Qlik Sense Client Managed mobile app was updated to version 1.31.1 or later versions.

Selecting a Qlik Sense server fails with:

Failed to authenticate using OAuth.
Please contact your administrator.

Resolution

With the 1.31.1 release of the Qlik Sense Client Managed mobile app for iOS comes an update to the integrated Microsoft Intune version to 20.5.0, which will also update the Microsoft authentication protocol in use.

Administrators will need to take action to configure the correct redirect URI as documented in Upcoming Qlik Sense Client-Managed Mobile Release iOS 1.31.1: Deploying with Microsoft Azure and Intune.

Environment

• Qlik Sense Client Managed mobile app for iOS 1.31.1

Qlik Stitch will error out with the following after changing Snowflake authentication from single factor password to key-pair in destination‌ 

Cannot perform CREATE SCHEMA. This session does not have a current database. Call 'USE DATABASE', or use a qualified name.

Resolution

Please try these two steps below

1. Specify PEM/PKCS#1 standard It should be input with the format like with no spaces in between

   -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY-----

2. Set a default role for the db user by running the following ALTER command from Snowflake end.

   ALTER USER SET DEFAULT_ROLE STITCH

Cause

This issue is probably caused by a lack of permissions.

Related Content 

https://docs.snowflake.com/en/sql-reference/sql/alter-user

Environment

Stitch 

Question I

Is possible to use Key Pair Authentication with Stitch's Snowflake destination？

Stitch connects to Snowflake using multiple authentication methods, such as username/password and key pair authentication. Since the Stitch Snowflake destination supports key pair authentication, you can switch from single factor authentication to key-based authentication.

Question II

How to switch to key pair authientication and any notice?

Please follow up this online documentation: connecting-a-snowflake-data-warehouse-to-stitch and there's a checkbox that changes password to private key when you are reviewing the connection

When changing authentication methods of a Snowflake destination's user from password to key-based authentication , you will need to use a PEM formatted RSA un-encrypted private key.

To generate an unencrypted version, please use the following commands in the command prompt:

openssl genrsa -out rsa_key.pem 2048    Generate the RSA key (PKCS#1 format)
openssl pkcs8 -topk8 -inform PEM -in rsa_key.pem -out rsa_key.p8 -nocrypt   Convert the RSA key to PKCS#8 format

The Key should appear as follows, with the header and footer included (an example with virtual numbers )

-----BEGIN PRIVATE KEY-----
hfakjshdsdvfncvssejkfhncvsjdkwekjhjxxdfnjae
-----END PRIVATE KEY-----

It is possible to try to specify PEM/PKCS#1 standard with no spaces in between:

-----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY-----

Apparently,  you can go from PKCS#8 to PKCS #1 just by adding RSA, so this can also be considered a dynamic solution.

Environment

Stitch 

A connection issue is encountered with the DB2 for LUW source endpoint in Qlik Talend Cloud after upgrading the gateway to 2024.11.54.

The error message:

Cannot connect to DB2 LUW Server. RetCode: SQL_ERROR. Message: [IBM][CLI Driver] SQL10007N Message "0" could not be retrieved. Reason code: "3". Failed to connect using Data Movement gateway local_repsrv. Please check that the gateway status in Management Console > Data gateways is "Connected", then try again.

Resolution

Fix Version

The fix will be available in a version released after 2024.11.54.

Workaround

1. Edit the file /opt/qlik/gateway/movement/bin/site_arep_login.sh
2. Add the line:
   

   source /home/qlik/sqllib/db2profile

3. Restart the RepAgent service

Cause

This behavior was unintentionally introduced by a recent security vulnerability fix. 

Environment

• Qlik Talend Cloud

Opening an app in Qlik Cloud Analytics fails with the following error:

An error occurred
TraceCode.QEP-126
Error code: QEP-126

Resolution

Either reduce the size of the app to below the upper limit, or contact your Qlik account manager to purchase larger app support. 

Cause

Typically, the cause of this error is that the app being opened exceeds the size limit defined in the license. For information on storage limits, see Qlik Cloud Analytics specifications and capacity.

Environment

• Qlik Cloud Analytics

Snowflake has mandated the use of MFA (Multi-Factor Authentication) for all users. As a result, traditional password-based authentication is no longer sufficient.

To bypass MFA for automated processes, the endpoint was configured using RSA key-based authentication (public/private key pair). While the test connection on the Snowflake endpoint succeeds, the actual data replication task consistently fails during the PUT command execution.

Inspecting the Snowflake shows the PUT command succeeds, yet Qlik Replicate reports a failure with the following error:

"RetCode: SQL_ERROR SqlState: HY000 NativeError: 40 Message: [Snowflake][Snowflake] (40) Failed to upload file"

Resolution

There are multiple possible root causes and solutions. This article documents two most common scenarios.

Firewall Restriction

A firewall rule may be blocking Qlik Replicate's file PUT operation to Snowflake's local stage, preventing file upload during bulk load.

To resolve

Engage your network and security team to review firewall logs and:

• Confirm whether bulk load traffic (such as large PUT file uploads to Snowflake) is being blocked or restricted.
• Temporarily allow unrestricted egress to .snowflakecomputing.com and related AWS resources for verification.

Proxy Interference or Certificate Trust Issue

A proxy server could be interfering with traffic. Alternatively, the SSL certificate may not be trusted by the proxy layer or Snowflake endpoint.

To resolve

Verify the Proxy Bypass Configuration:

1. Go to Manage Endpoint Connections
2. Go to the Snowflake Endpoint
3. Go to Advanced
4. In Additional ODBC Connection Properties, ensure the NO_PROXY option is set to bypass the proxy for Snowflake domains: 
   “NO_PROXY=.snowflakecomputing.com,.amazonaws.com”
   
   Example:
   

   AUTHENTICATOR=SNOWFLAKE_JWT;PRIV_KEY_FILE=D:\QLIKKey\rsa_key.p8;PRIV_KEY_FILE_PWD=123456;role=APP-WS;PROXY=proxy.ibm.local:9595;NO_PROXY=.snowflakecomputing.com,.amazonaws.com

Environment

• Qlik Replicate

Loading the Qlik Cloud Monitoring Apps (example: App Analyzer) fails with the error:

...Error: Invalid argument. (Connector error: HTTP protocol error 401 (Unauthorized):
...Requested resource requires authentication.)

Resolution

1. Verify the status of the existing API key to confirm it has expired
2. Generate a new key and replace it in the REST connection configuration by following the instructions in the Qlik Cloud Monitoring Applications Installation Guide.

Cause

Expired API Key.

Environment

• Qlik Cloud Analytics

Loading a script in Qlik Sense Enterprise on Windows fails with:

"$(MUST_INCLUDE= 'lib://xxx.qvs'" cannot access the local file system in current script mode.

Resolution

If the issue occurs for all users

Disable standard mode: Disabling standard mode | help.qlik.com 

If the issue affects only certain users

The user does not have read permission to the connection. Create a custom security rule to grant the user access to the folder connection.

Example security rule:

• Resource filter: DataConnection_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
• Action: Read
• Advanced: ((user.name="Sample_user"))

Cause

The user running the script does not have read permission to the folder connection.

Environment

• Qlik Sense Enterprise on Windows

Question

Is it possible to use deprecated versions of integrations in Qlik Stitch?

You can use deprecated and sunset versions of integrations in Stitch, however, which are not eligible for Qlik Stitch Support.

If there is a breaking change made from the integration source,  Qlik Stitch Engineers will not able to check the code base to investigate and you will need to upgrade to the latest version of the integration. 

Please note that there are many differences between the version  you are currently on and the latest version. It is highly recommended to review Qlik Stitch's changelog to see what has been changed and enhanced.

https://www.stitchdata.com/docs/changelog/

Environment

Stitch 

Question

How to identify deleted records in Stitch's Shopify integration?

This is unfortunately not possible so far, since Shopify does not offer a deletion identifier in API to denote deleted records.

Environment

Stitch 

You may be encountering an error when attempting to authorize a Pipedrive integration:

"HTTP-error-code: 401, Error: unauthorized access".

Resolution

You should verify the authorization of the credentials and possibly check with the Pipedrive team as well to confirm the access.

Cause

This error suggests that the credentials provided were not authorized to access the object as expected.

Environment

Stitch 

After reboot of Qlik Sense Enterprise on Windows nodes (such as after a Windows Update), all tasks are stuck in the Qlik Sense Management Console and do not trigger at the expected time.  

Running them manually fails without errors.

Resolution

Task chain schedules intermediate triggers on the success of parent tasks were set with Time Constraint of 1000000 Days. 

1. Connect to QRS database and search for time constraint “excessive” days triggers by issuing the following query: 

   SELECT "ID","Name","ModifiedByUserName" FROM public."ReloadTasks" where "ID" in
   (Select "ReloadTask_ID" from public."CompositeEvents"
   where "ID" in (SELECT "ID" FROM public."CompositeEventTimeConstraints" where "Days" > 360));

2. The query will find all Task IDs, task Names, and users who last modified the trigger that are set to constraints higher than one year.

3. If it returns only a few rows, review the task accordingly with the user and agree on a lower time constraint.

4. If too many tasks are returned for manual changes, use the following query to change the time constraint:

   update public."CompositeEventTimeConstraints" set "Days" = 1 where "Days" > 365 ;

   While the Select query can be used without stopping services, using the Update query requires all services except the PostgreSQL (or Qlik Sense Repository Database) on all nodes to be stopped.

Internal Investigation ID(s)

SUPPORT-4128

Environment

• Qlik Sense Enterprise on Windows

After upgrading to QlikView 12.80, multiple users logged in to the same machine (such as through RDP) are unable to use the QlikView Desktop client's webview feature.

A spinning wheel is displayed, and nothing is loaded.

Resolution

Upgrade to QlikView 12.90 SR1 or later and configure additonal ports:

1. In Windows Explorer, navigate to C:\Users\<user>\AppData\Roaming\QlikTech\QlikView\
2. Open the settings.ini file
3. Add the variable WebViewPort=4751
   4751 is the first available port after 4749.
4. Increase the number for each following user (example WebViewPort=4752 for the second user)

If you cannot upgrade and will remain on 12.80, instruct your users to open QlikView as administrators:

1. Right-click the QlikView Desktop shortcut
2. Choose Run as administrator

Cause

The default port (4749) is locked for only one user.

Internal Investigation ID(s)

QV-25347

Environment

• QlikView

Deploying an app with Qlik CLI from Git (with app unbuild and app build ) fails when using the --bookmark parameter. 

Resolution

• Verify that the app contains the bookmarks. If the source app has bookmarks, they will be included in the building process. If there are no bookmarks in the source app, they will not appear in the target app. 
• Verify the syntax used:
  
  

  qlik app build --bookmark --app --git-repo

Environment

• Qlik Cloud Analytics
• Qlik CLI

In Stitch, Shopify V3 Integration will get extraction failure when using Shopify GraphQL API to extract data and selecting author field from events table.

ERROR GraphQL Error: [{'message': 'Access denied for author field. Required access: `read_users` access scope. Also: The app must be a finance embedded app or installed on a Shopify Plus or Advanced store. Contact Shopify Support to enable this scope for your app.

Resolution

To run your integration successfully, please de-select the affected field in the integration.

1. Navigate to the impacted integration Tables to Replicate tab
2. Click on the table to view the selected fields (Event)
3. Search for field "author"
4. De-select the field and Finalize the selection

Cause

As Shopify GraphQL API imposes limits on fields that can be replicated, it restricts the author field from events table due to security reasons.

In reference to this error, 

https://community.shopify.dev/t/why-is-read-users-so-locked-down/1180
https://community.shopify.dev/t/public-non-financial-apps-need-read-users-scope/10066

Related Content 

What has changed?

The data structure has been re-organized for consistency and clarity. Some fields may look different or appear in new locations. Several fields are also deprecated by Shopify.

To review the changes, reference: https://www.stitchdata.com/docs/integrations/saas/shopify/v3#what-has-changed

Internal Investigation ID(s) 

Internal investigation Jira ID:SUPPORT-4147

Environment

Stitch 

You may be expericing the Task Execution is failing with "Unexpected Error" when Qlik Talend Administration Center can't connect to Artifact Repository (Nexus/jfrogartifactory). When "Use Latest Version" is enable,  it adds a property in configuration properties file

enable.artifact.check=true      Default value is true

And Qlik Talend Job Server will need connection to artifactory/nexus to check if the version is the latest one. When artifact repository is down and the connection is not working, it can cause job execution failed in Talend Administration Center.

Errors can contain below messages which are 2 stages. If cannot retrieve the checksum at the first time,  it will try to re-download the artifact, and result in failed task when connection is still not established 

ERROR ArtifactoryBrowserBusiness - Cannot retrieve checksum from Artifactory for artifact:

DEBUG ExecutionTaskHandler - Re-download zip file from Artifactory, repoId: org.talend.administrator.esbconductor.business.nexus.ArtifactoryBrowserBusiness.getDownloadUrl(ArtifactoryBrowserBusiness.java:506) ~[classes/:?]
at org.talend.administrator.esbconductor.business.nexus.ArtifactoryBrowserBusiness.checkArtifactFromArtifactoryByCiVersion(ArtifactoryBrowserBusiness.java:416) ~[classes/:?]
at org.talend.administrator.esbconductor.business.nexus.ArtifactoryBrowserBusiness.downloadArtifactFromArtifactoryByCiVersion(ArtifactoryBrowserBusiness.java:401) ~[classes/:?]
at org.talend.administrator.scheduler.business.ExecutionTaskHandler.checkGeneratedJobFileInArchiveAndRedownloadIfNeeded(ExecutionTaskHandler.java:1529) [classes/:?]
at org.talend.administrator.scheduler.jobs.RemoteTaskExecution.executeRemoteJob(RemoteTaskExecution.java:555) [classes/:?]
at org.talend.administrator.scheduler.jobs.RemoteTaskExecution.execute(RemoteTaskExecution.java:284) [classes/:?]
at org.talend.administrator.scheduler.jobs.RemoteExecutionSwitcher.execute(RemoteExecutionSwitcher.java:51) [classes/:?]
at org.quartz.core.JobRunShell.run(JobRunShell.java:199) [quartz-all-1.7.3.jar:?]
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546) [quartz-all-1.7.3.jar:?]
2024-12-20 10:01:21 INFO RemoteTaskExecution - ###### Task ENDED with error(s) - ExecutionTask[taskName='testteask', taskId=44]
2024-12-20 10:01:21 ERROR RemoteTaskExecution - ###### Unexpected exception on:

Resolution

Two ways to avoid this situation when you may be facing potential connection issues with Artifact Repository.

1. Set below parameter in configuration properties file which means there will be no checks on version of the jobs before execution, your will need to check and manually reconfigure the task if there's version updates.

   enable.artifact.check=false  Default value is true

   
2. As this "Use Latest Version" option is available from Patch_20240823_TPS-5605_v1-8.0.1 and upwards, you can configure TAC to use the local copy of the job when Artifact Repository connection has issues. With this configuration in TAC configuration.properties , Set "Use Latest Version" as enabled as required and use below parameter ensure the artifact repository connection availability won't effect the job execution

   use.local.job.when.download.failed.from.artifact.repository =true    Default is set to false

For Additional control and to allow for executions not being effected by known connection/environment issues, the desired Administrator can chose to configure Talend Administrator Centre in a way to allow the executions with latest available version wheather Artifact Repository connection is down.

Further Configurations have been added from Patch_20250221_TPS-5996_v1-8.0.1 Release and onwards. 
With parameters

artifact.repo.actions.retry.attempts = 5

artifact.repo.actions.retry.delay= 5000

Cause

If you have chosen the "Use latest Version" when configuring the task , Qlik Talend Administrator Centre will check if Jobserver does have the latest version of the job. If not, it will download the correct latest version available in the Artifact Repository.

The "Unexpected Error" error will pop up when these checks and downloads fail due to Nexus/Artifactory Connection Issues.

Environment

• Talend Administration Center 
• Talend Studio 

Stitch users may encounter a non-transient LinkedIn Ads 400 error in the Stitch integration.

Resolution

As of the writing this article, Qlik's engineers are investigating ways to alleviate and resolve this issue, but for now, users should contact LinkedIn directly.

Cause

This is caused by the LinkedIn API server being unable to process the ad request due to a problem with the request itself, often a syntax error.

Environment

• Stitch
• LinkedIn

Out of the box, Stitch does not include the capability to restrict logins based on IP addresses.

This can be achieved with an SSO (Single Sign On) setup that supports the required functionality. 

Example:

If a Stitch account has Azure AD SSO enabled, then Stitch can leverage Azure AD's capabilities.

Given the specific use case of wanting to restrict login access by IP address, the Azure AD Conditional Access approach would be the most straightforward and effective solution.

It leverages the existing Azure AD SSO setup and provides the IP-based access control required without needing changes to Stitch's infrastructure. Customers can achieve this outside of Stitch since we do not have built-in features for it specifically.

For additional reading, see:

• Conditional Access: Network assignment | learn.microsoft.com
• How to restrict user to access particular application from a specific office location in Azure| stackoverflow.com

Environment

• Stitch

Opening an app in Qlik Cloud analytics fails with the following error:

An error occurred
Access is denied
Error code: 5

Resolution

Verify that the end user's USERID is included in the Section Access statement.

For more information about Section Access, see Managing data security with Section Access.

Cause

Typically, this error is related to permissions in conjunction with Section Access. The user attempting to open the app is not included in the Section Access statement.

Environment

• Qlik Cloud Analytics