We have two live servers running DeepSee dashboards for users. One of the servers can print a widget to a pdf file, and the other can't.
I learned that 1) a Java JRE needed to be installed on the second server, and 2) it's trying to run an OS command to render a pdf file (details below).
An audit log of the event shows this:
|O/S Username||CSP Gateway|
|Event Data||Execute O/S command
Command: C:\InterSystems\EnsembleProd\fop\fop.bat -fo C:\InterSystems\EnsembleProd\mgr\Temp\widget_7-print2683555489.xsl -pdf C:\InterSystems\EnsembleProd\mgr\Temp\widget_7-print2683555489.pdf -c C:\InterSystems\EnsembleProd\fop\conf\fop.xconf
This command uses the xsl file to create a pdf, using the Apache fop.bat (formatting objects processor - had to look that one up).
One server successfully sets up the xsl file, creates the pdf file, displays it, and deletes the two files.
The second server sets up the xsl file (I can see it), can NOT create the pdf file, and the application hangs there. It must be choking on this command, or when calling this command. By the way, I can successfully run this command form the cmd prompt on the server (now that the JRE is installed) and create a pdf file. In fact, once it's created, the application dislays it and then deletes the files.
Not many differences between the servers, although the CSP Gateway has a little more security on the second server (the one that's NOT able to finish the command). A few services are not enabled on the second server.
The server that CAN run the OS command is on Windows server 2008. Its instance was upgraded to 2018.
The server that can NOT run the OS command is on Windows server 2012. Its instance was upgrade to 2018 at the same time (well, a few hours later).
Both Apache installations were upgraded when the instance was upgraded. At least, they both say they're version 2018.1.2.309.5 in the CSP Gateway Management Portal.
What services need to be enabled? Should I loosen up the security on the CSPSystem / CSP Gateway on the second server?
An analyst here thinks that this ability to print the widget changaed after we upgraded to 2018 - could that have changed some OS security groups?
What is the Callin service?