Thank you, so this is clearer, and it is happening much earlier than I was thinking. You are not trying to connect via xDBC to your FHIR SQL Builder projected tables, but rather just trying to create the first Analysis step.

This error "shouldn't happen", and I recommend you turn to our Cloud Support.

What you could attempt doing before, is opening the browser debugger and see (perhaps under Network and the related HTTP requests you see) if you see some "interesting" error that could shed some light on what is happening.

Perhaps you can provide more details as to what you are trying to do exactly and the way the error manifests itself.

For example you say "in cloud" do you mean via the FHIR Server cloud SaaS service?
If so you have to enable External Connections and setup External Rules. See from the Docs here.

Then under the overview page you should be able to see xDBC Details for connecting. See also here.

There is an article by @Iryna Mykhailova about connecting via xDBC to the IRIS Cloud SQL service, which should be very similar/identical.

Per the above a connection refused error might have to do with the TLS setup required for this connection (which the article above does not cover currently, but the service xDBC details in the Overview page does provide detailed instructions for).

I believe you have stumbled across a known issue - that if you call the method you mentioned above HS.FHIRServer.Installer:InstallNamespace() in a container, more than once, the FHIR Config UI app breaks (due to the folder location you mentioned above).

This was fixed since version 2023.2 (I see you are using 2023.1).

If you want to upgrade to 2023.2/3 you will have the fix. (just note the differences between CD (Continuous Delivery) releases and EM (Extended Maintenance) ones (like 2023.2/3); see this article for more details).

If you can't upgrade now I suggest you turn to your local InterSystems account team (@Anssi Kauppi / 
​​@Janne Korhonen) and/or InterSystems WRC (you can reference the internal fix IF-4531).

Hi Yakov,

You can see from the Docs here, for example re the Property ConnectAttrs (or later ConnectionAttributes):



An optional set of SQL connection attribute options. For ODBC, they have the form:


For example, AutoCommit:1.


Set this property in the OnInit() method of your business operation or business service to specify the options to use at connection time.

For calling SetConnectAttr() see these Docs, for example:

If the connection has already been established, call the SetConnectAttr() method of the adapter. This method takes two arguments (the attribute name and the desired value) and returns a status. For example:
 Set tout= ..Adapter.SetConnectAttr("querytimeout",10)

As to the name of the attribute and the appropriate value you should consult the SQL Server documentation (for example this, but this will be up to you to verify).

If you need more assistance than this please get in touch and we can work on this together.

Hi Dmitrii,

Thanks for this question.

Programmatically you can use the method Security.Applications:Modify() (from within the %SYS namespace).

Here's an example:

 set props("RedirectEmptyPath")=1

 set status = ##class(Security.Applications).Modify("/myapp/name",.props)

This article by @David Hockenbroch covers this Security Applications API (including reference to this setting) in general.

Maybe the problem with IIS has to do with Web Socket support.

See for example from the Docs here:

This extension uses WebSockets to communicate with the InterSystems server during debugging. If you are experiencing issues when trying to start a debugging session, check that the InterSystems server’s web server allows WebSocket connections.

 For example from the Windows Features -

See also IIS Docs.

If this is not the issue let us know if you are getting any error on the VS Code side and/or if you can turn on some logging on the Web Gateway or Server side.

Hi @Dmitrii Baranov 
You can take a peak at a similar task performed internally in the FHIR Server REST handler class -


    // For compatability, copy all HTTP_ headers into the AdditionalInfo section of the request
    Set tKey = ""
    For {
        Set tKey = $ORDER(%request.CgiEnvs(tKey))
        Quit:tKey="" If tKey?1"HTTP_"1.E {
            // Determine the proper header name (will be all caps unfortunately)
            Set tHeader = $PIECE(tKey,"HTTP_",2,*) // Copy the HTTP headers - except for certain ones.
            If (tHeader '= "AUTHORIZATION") {
                Do pRequest.AdditionalInfo.SetAt(%request.CgiEnvs(tKey), "HEADER:"_tHeader)

Note this is internal code.

You can also similar code for the Generic HTTP Service (used by the Passthrough I mentioned to Alex above), from:


    Set tattrH=$O(%request.CgiEnvs("HTTP_"))
    While $E(tattrH,1,5)="HTTP_" {
        If tattrH'="HTTP_URL",tattrH'="HTTP_VERSION" {
            Set attr=$REPLACE($E(tattrH,6,*),"_","-"), lwrattr=$ZCVT(attr,"L")
            If '((lwrattr="transfer-encoding")&&($ZCVT(%request.CgiEnvs(tattrH),"L")="chunked")),'((lwrattr="content-encoding")&&($ZCVT(%request.CgiEnvs(tattrH),"L")="gzip")) {
                Set:..#TOLOWERHEADERVARS attr=lwrattr
                Set:'$D(lwrattrs(lwrattr)) pStream.Attributes(attr)=%request.CgiEnvs(tattrH), lwrattrs(lwrattr)=""
                Set:"content-length"=lwrattr tLen=pStream.Attributes(attr)
                Set:"content-type"=lwrattr tContentType=pStream.Attributes(attr)
            } ElseIf (lwrattr="content-encoding") {
                Set tgzip = 1ElseIf tLen = "x" {
                Set tLen="xchunked"
        Set tattrH=$O(%request.CgiEnvs(tattrH))

Again this is internal code.

But coming back to my comment to Alex above, I would recommend using one of the approaches I mentioned there (the Generic Passthrough service, or the FHIR Interop. built-in service) and this way all of the above is already handled for you.

Indeed it is in the Location Header.

From the related FHIR docs:

The server returns a 201 Created HTTP status code, and SHALL also return a Location header which contains the new Logical Id and Version Id of the created resource version:

  Location: [base]/[type]/[id]/_history/[vid]

where [id] and [vid] are the newly created id and version id for the resource version. The Location header should be as specific as possible - if the server understands versioning, the version is included. If a server does not track versions, the Location header will just contain [base]/[type]/[id]. The Location MAY be an absolute or relative URL.

Following up on Shawn's response, these resources might also be helpful in the meantime, and perhaps for others -

"See how to use key features of the Healthcare Action Engine to set up real-time alerts for clinicians. In this exercise, you will build decision support, design a notification using a CDS Hooks card, and write a rule to deliver it."

[I believe the same comment Shawn mentioned about being required to be a HealthShare customer in order to access this content is relevant here as well.]