Also, this error happens when I try starting lasr analytic server from sas va lasr admin tool. if I try running a script from server to start lasr analytic server, it runs fine and bring up port 10121.

@woo,

Have you recently configured TLS/HTTPS on the middle tier?

Not really, but we had reverse proxy in place (https) -> we did undo reverse proxy (http) -> then we performed product upgrade. so right now we are using http connection only + when I look at va admin log (sasserver12_1) - I see below error. is this something related to certificate error?

[tomcat-http--72] ERROR [ST-10756-FUrR37giwk2IBpBGBm0M-casmrmsas] com.sas.lasr.mgmt.client.serviceproxy.LasrMgmtServiceProxy - http://url.com:7980/SASLASRAuthorization/rest/servers/A5U71EFV_AY0000RY/status?ticket=ST-10760-k9n2M...

[tomcat-http--72] ERROR [ST-10756-FUrR37giwk2IBpBGBm0M-casmrmsas] com.sas.lasr.mgmt.client.serviceproxy.LasrMgmtServiceProxy - org.springframework.web.client.HttpClientErrorException: 401 Authorization Required

[tomcat-http--72] WARN  [ST-10756-FUrR37giwk2IBpBGBm0M-casmrmsas] com.sas.lasr.mgmt.client.serviceproxy.LasrMgmtServiceProxy - Connection Error: 401 retrying

[localhost-startStop-15] WARN  [unknownunknown] com.sas.services.session.SessionContext - Forced destruction of the session context by the Session Service. Session Context=3c7eb61ae5041aac:-316e2e1e:16581f38949:-556b

and when I a look at last action log, signer is pointing to https an port 443 connection, so I believe that needs to be changed. any idea from were can I change? none sas smc application definition has https and 443 connection. I believe this might something coming from specific code file. any idea where it could be located?

@woo,

Not really, but we had reverse proxy in place (https) -> we did undo reverse proxy (http) -> then we performed product upgrade.

SAS LASR Authorization Service shouldn't use a reverse proxy, you have to use an internal connection for that.

and when I a look at last action log, signer is pointing to https an port 443 connection, so I believe that needs to be changed. any idea from were can I change?

Yes, SAS Management Console -> Application Management -> Configuration Manager -> SAS Application Infrastructure -> Visual Analytics 7.<X> -> Visual Analytics Services 7.<X> -> LASR Authorization Service 7.<X>. You have to change URL back to internal on these objects:

• LASR Authorization Service 7.<X>
• LASRAuthorizationService REST
• LASRKeyRegistrationService REST

Thanks Alex. Since we have sso enabled, for all those lasr service definition in smc (that you mentioned),
do we have to use https/443 for internal connection? and for any customized script
(.sas like below) that we have which start lasr services? At the moment we have http/7980 for
internal conenction and https/443 for external connection).


start script (manual)
libname LASRLIB SASIOLA
        startserver  host="company.com" port=10121
        signer="http://company.com:7980/SASLASRAuthorization";

proc vasmp;
   serverwait  port=10121;
quit;


stop script (manual)
proc vasmp;
    serverterm host="server-name" port=10121;
quit;

@woo,

You have to use an internal connection. In your case http/7980. Make sure that compute tier can connect to the middle tier on port 7980.

i can connect from to compute tier to midtier but reverse case is not working (cannot connect to compute tier from midtier). Thanks -

@woo,

i can connect from to compute tier to midtier

That will be enough.

Thanks Alex, we have "public lasr analytic server" as well as "lasr analytic server" which are running on different compute server. can you please tell what definition needs to be changed from smc (under configuration manager -> sas application infrastructure)? because related library's (VALIBLA and LASRLIB) display libname statement as https/443.

apart from above comment, after changing those 3 definitions to http/7980 (+ after restarting object spawner), when i attempt to start lasr srever (this log is from last action log from lasr admin tool), it still showing https/443 port. is there anything needs to be changed from server.xml file?

---------start server--------

63         %statuscheckpoint;
64         /* Skip Next Step If We Have a Bad Status Code */
65         %macro codeBody;
66            %GLOBAL LASTSTEPRC;
67            %if %symexist(LASTSTEPRC) %then %do;
68               %if %eval(&LASTSTEPRC. <= 4) %then %do;

69         
70                  /* Start the single-machine LASR server process */
71                  libname ml sasiola startserver=
72                     (
73                        PATH="/path to sigfiles" /*don't  have sigfiles though*/
74                     )
75         
76                   host="server.com" port=10121
77                  signer="https://server.com:443/SASLASRAuthorization"
78                  ;
79         
80               %end;
81            %end;
82         %mend;
83         %codeBody;
NOTE: No tag was specified in the LIBNAME statement. The default tag (WORK) is used to name and identify tables in the LASR
      Analytic Server. You can specify a tag as a data set option.
ERROR: Unable to register LASR server with authentication service.
ERROR: Libref ML is not assigned.
ERROR: Error in the LIBNAME statement.

@woo,

when i attempt to start lasr srever (this log is from last action log from lasr admin tool), it still showing https/443 port.

Go to SAS Management Console -> Environment Management -> Server Manager -> select your LASR server -> right click on the connection object -> Properties -> Options -> make sure that you have a correct URL -> click OK (this is important step). Check the libname statement for that LASR server in SAS Management Console. Have you noticed any differences?

yes, everything looks okay to me. i matched word to word (+ compared to other environment where libname statement showing http/7980) - there is no difference. i have this in place,

application lasr analytic server

options parameters

port number -> 10121
high performance analytics environment host -> compute-servername.com
use lasr authorization service -> http://midtier-servername.com:7980/SASLASRAuthorization

+

under app mgmt -> sas app infra -> va 7.X -> va service 7.X --> defined to use "internal connection" with below parameters

lasr auth service

   lasrauthservice rest

   lasrkeyregistration rest

internal connection parameters

http

hostname -> midtier-servername.com

7980

/SASLASRAuthorization

@woo,

Have you checked the libname statement on the library associated with that server?