After installation of or upgrade to Qlik Sense April 2018 and higher, you experience randomly an issue to access the Qlik Sense Hub as the service account running the Qlik Sense services and get the error message "You cannot access Qlik Sense because you have no access pass".
If experiencing the same issue with other accounts via Hub, see You cannot access Qlik Sense because you have no access pass - intermittent problem
In the Qlik Sense Repository Audit logs (by default under C:\Programdata\Qlik\Sense\Log\Repository\Audit\AuditSecurity_Repository.txt) you can observe the following entries at the time you experience this problem:User access granted for User: 'Domain\QVService' with UsageID: 'ed3875d3-624a-424d-b624-0d596e2f9a05', SessionID: 'dddc6d06-e01f-44fb-8c0d-d0289c79abc1', SessionCount: '1', Hostname: '::ffff:192.168.1.100', OperationType: 'UsageGranted'
User access granted for User: 'Domain\QVService' with UsageID: '4782d0b6-a2c2-483e-bc40-79537011ba04', SessionID: '5d52c4dc-3f1e-4bc1-b718-023be9a8226c', SessionCount: '2', Hostname: '::1', OperationType: 'UsageGranted'
User access granted for User: 'Domain\QVService' with UsageID: '908ffcc7-e4bb-4bba-a93c-0fdc12073f4d', SessionID: '439caa86-ec49-450c-9f9f-c3f69eb7fde8', SessionCount: '3', Hostname: '::1', OperationType: 'UsageGranted'
User access granted for User: 'Domain\QVService' with UsageID: '6b62c560-0ae1-4e31-a56a-18b713ab3ae4', SessionID: 'e93f7257-9728-4d46-a296-47a17f60ed03', SessionCount: '4', Hostname: '::1', OperationType: 'UsageGranted'
User access granted for User: 'Domain\QVService' with UsageID: '16cd5ab1-8950-48d9-bcbb-f9e11fdc2077', SessionID: '0d1d7749-79ab-4603-9536-b451327f90ba', SessionCount: '5', Hostname: '::1', OperationType: 'UsageGranted'
Access was denied for User: 'Domain\QVService', with AccessID '264ff070-6306-4f1b-85db-21a8468939b5', SessionID: 'e3cd957b-a501-4bec-a3f8-d35170a73efa', SessionCount: '5', Hostname: '::1', OperationType: 'UsageDenied'
What we can see in those logs is the amount of session going up to 5 very quickly before getting Usage Denied.
Since version June 2019, the error message is "Too many sessions active in parallel
Qlik Sense April 2018 or higher
In Qlik Sense there is a limit of 5 simultaneous session you can open with the same user having a User Access Pass.
So what we see in the logs makes sense since we apparently reach the amount of 5 concurrent session with the same user.
Starting from Qlik Sense April 2018, when reloading the monitoring application, there are several call against the Qlik Sense Proxy API.
The difference with the behavior prior to Qlik Sense April 2018 is that now, the user doing those API calls (By default the Qlik Sense Service account) is now opening parallel active sessions.
So in this scenario the issue with access to the Qlik Sense Hub with the Qlik Sense Service account after a reload of the monitoring application is likely to be experienced.
This behavior has an impact on User Access Pass Allocation only and was introduced as a consequence of the introduction of analyzer users in the Qlik Sense April release.
Related Feature Request under Increase max parallel SessionCount for Qlik Sense end user sessions
More information on How to count sessions in Qlik Sense
The recommendation as of Qlik Sense April 2018 is to not allocate a token to the Qlik Sense Service account
or to create a dedicated user (without a token) and modify the Monitoring Apps Data Connector (monitor_*) to run with this new user (Note, the user running those data connections needs to be RootAdmin).
- Prior to the April 2018 release, it was never necessary to allocate tokens to the service account or REST connector user
- With the introduction of analyzer users in April 2018, the only resolution available would incur a performance penalty for all user logins in all systems at all times.
The September 2018 release notes now contains the information and recommendation as follows:If you set up your REST data connections with a regular user account and not a service account (not meaning Qlik Sense internal service accounts, but an AD/LDAP/other user directory service account), the maximum number of parallel sessions for a single user account (5) will be consumed, and the user will be locked out. Workaround: Use a service account instead, and do not allocate any user/professional/analyzer access to that account.