Hi ArJ3N,
I am providing lenghty explaination ; please bare with me.
I am recording ALM 11.0 application using Vugen 11 Patch 4 as a Single Protocol Web[HTTP/HTML] script.
I provided below setting:
Application Type: Windows 32 Application
Program to Record: C:\Users\svanumu\AppData\Local\HP\ALM-Client\usto-papp-pc010\ALM-Client.exe
Program Arguments: "C:\Users\svanumu\AppData\Local\HP\ALM-Client\usto-papp-pc010\ALM-Client.exe" TDtesttypes="C:\Users\svanumu\AppData\Local\HP\ALM-Client\usto-papp-pc010" AdditionalParams="Brand=PC&BrandDisplayName=Performance Center" ApplicationType="Mercury.TD.Client.UI.Core.Application,QCClient.UI.Core" ConfigurationFile="C:\Users\svanumu\AppData\Local\HP\ALM-Client\usto-papp-pc010\ALM-Client.exe" PrivatePath="3rdParty" URL="http://usto-papp-pc010:8080/qcbin"
Working Directory: C:\Users\svanumu\AppData\Local\HP\ALM-Client\usto-papp-pc010\
Before the actual start of recording as per the articles KM213537,KM741105 and the attached ALM 11 Bench Mark Kit I have The authentication check for ALM/QC must be disabledin order to loadtest it.
The authentication is made with X-TD-ID that are calculated and exchanged server-side and client-side for each communication, the ActiveX responsible for generating this X-TD-ID is not replayed with LoadRunner, therefore we should disable the authentication. Even with the authentication disabled, the server will keep calculating and sending these X-TD-ID thus insuring valid loadtest results.
It was clearly mentioned that if we donot disable that authentication cheksum verification security setting we will recieve the 403 error.
My question is even after configuring this pre-requistie ; why am I recieving the forbidden error.
Say my first transaction is the load of the Home Page:
web_custom_request("TDAPI_GeneralWebTreatment","URL=http://usto-papp-pc010:8080/qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment","Method=POST","TargetFrame=","Resource=0","RecContentType=application/octet-stream","Referer=","Snapshot=t1.inf","Mode=HTML","EncType=text/html; charset=UTF-8","Body={\r\n""0: \\0000001C\\0:conststr:GetServerSettings,\r\n""1: \\0000002F\\0:conststr:74B9833A-C9F0-43C6-9C50-4E2FC4728D83,\r\n""2: \"0:int:1\",\r\n""3: \"0:int:-1\",\r\n""4: \"0:conststr:\",\r\n""5: \"0:int:-1\",\r\n""6: \\0000006D\\0:conststr:{\r\n""SERVER:\\0000002d\\http://usto-papp-pc010:8080/qcbin/wcomsrv.dll,\r\n""client_machine:USTO334386\r\n""}\r\n"",\r\n""7: \"65536:str:0\"\r\n""}\r\n",
LAST); When I am recording the it using Vugen below are the request headers and request body.
POST /qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment HTTP/1.1
Accept-Encoding: gzip
Content-Type: text/html; charset=UTF-8
X-TD-ID: F7A7507CDAD1ED4FA504460B1D0D08EC5D007163AC24CE4BE3729476E4738EB4
User-Agent: TeamSoft WinInet Component
Host: usto-papp-pc010:8080
Content-Length: 322
Connection: Keep-Alive
{
0: \0000001C\0:conststr:GetServerSettings,
1: \0000002F\0:conststr:74B9833A-C9F0-43C6-9C50-4E2FC4728D83,
2: "0:int:1",
3: "0:int:-1",
4: "0:conststr:",
5: "0:int:-1",
6: \0000006D\0:conststr:{
SERVER:\0000002d\http://usto-papp-pc010:8080/qcbin/wcomsrv.dll,
client_machine:USTO334386
}
,
7: "65536:str:0"
}During Recording below is the response header and its body.
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Set-Cookie: JSESSIONID=E10B7C29DC952444ADE6F4F18C09AF0E; Path=/qcbin; HttpOnly
Content-Encoding: gzip
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Date: Mon, 29 Jul 2013 06:48:19 GMT<R,4559,X-TD-ID=9B85BBFB5F2BDA59554CFF8F0F49CFE874ECA9CA6290445699CDE64F2613718F>{
0:\00000f71\3944:str:{
FORCE_LOGIN_SSL_MODE:N,
LOGIN_SSL_PORT:443,
IS_SSPR_ENABLED:N,
LOGIN_METADATA:\00000130\<LoginMetadata><ProjectType><Name>Standard</Name><DisplayName>Application Lifecycle Management</DisplayName><IsSingleProject>N</IsSingleProject></ProjectType><ProjectType><Name>LabManagement</Name><DisplayName>Lab Management</DisplayName><IsSingleProject>Y</IsSingleProject></ProjectType></LoginMetadata>,
EDITION:3,
DENIED_FEATURES:\00000154\{
0:\000000ab\REQ_TYPES,REQ_TRACEABILITY,QUALITY_PROJECT_MANAGEMENT,RBQM,SHARED_CUSTOMIZATION,EXTENSIONS,RELEASE_MGMT,BASELINES,CROSS_PROJECT_REPORTING,BUSINESS_PROCESS_MODELING,SHARING,
1:\0000004f\QUALITY_PROJECT_MANAGEMENT,SHARED_CUSTOMIZATION,CROSS_PROJECT_REPORTING,SHARING,
2:,
3:\00000025\QUALITY_PROJECT_MANAGEMENT,EXTENSIONS
},
BRAND:PC,
BRAND_DISPLAY_NAME:\00000012\Performance Center,
SERVER_ADDRESS:\00000021\USTO-PAPP-PC010.am.corp.amgen.com,
PERFORMANCE_MONITOR_CLIENT_CONFIGURATION:\00000b54\<?xml version="1.0" encoding="UTF-8" standalone="yes"?><PerformanceMonitor active="true"><ClientPersistJob interval="3.0"/><Monitors><Monitor type="Client" name="ClientOperation" active="true" maxRecordNum="100000" maxRequestCountPerOwner="0" timeFrameLength="0"><Filters><Filter filterType="Custom" description="'Login' Operations Which Exceed 2 Minutes." checkOwnerExists="false"><StringField name="operation_data" value="Login|Authenticate"/><StringField name="operation_type" value="Button Clicked"/><IntegerField name="client_total_time" value="120000" operator=">="/></Filter><Filter filterType="Custom" description="'Create Entity' Operations Which Exceed 2 Minutes." checkOwnerExists="false"><StringField name="operation_context" value=".*New.*"/><StringField name="operation_type" value="Button Clicked"/><StringField name="operation_data" value="OK|Submit"/><IntegerField name="client_total_time" value="120000" operator=">="/></Filter><Filter filterType="Custom" description="'Paste' Operations Which Exceed 2 Minutes." checkOwnerExists="false"><StringField name="operation_data" value="Paste"/><IntegerField name="client_total_time" value="120000" operator=">="/></Filter><Filter filterType="Custom" description="All Operations Which Exceed 5 Minutes." checkOwnerExists="false"><IntegerField name="client_total_time" value="300000" operator=">="/></Filter></Filters><ExcludedFields/></Monitor><Monitor type="Client" name="ClientMethodCall" active="true" maxRecordNum="100000" maxRequestCountPerOwner="0" timeFrameLength="0"><Filters><Filter filterType="Custom" description="Calls to 'AnalysisItem.Execute' Which Exceed 2 Minutes." checkOwnerExists="false"><StringField name="class_name" value="AnalysisItem"/><StringField name="method_name" value="Execute"/><IntegerField name="client_total_time" value="120000" operator=">="/></Filter><Filter filterType="Custom" description="Calls to 'WorkflowScripter.Execute' Which Exceed 2 Minutes." checkOwnerExists="false"><StringField name="class_name" value="WorkflowScripter"/><StringField name="method_name" value="Execute"/><IntegerField name="client_total_time" value="120000" operator=">="/></Filter><Filter filterType="OwnerExists" description="Method Called in the Context of Operations Whose Data was Collected." checkOwnerExists="true"/></Filters><ExcludedFields/></Monitor><Monitor type="Client" name="ClientRequest" active="true" maxRecordNum="100000" maxRequestCountPerOwner="0" timeFrameLength="0"><Filters><Filter filterType="OwnerExists" description="Requests in the Context of Operations or Method Calls Whose Data was Collected." checkOwnerExists="true"/><Filter filterType="Custom" description="All Requests Which Exceed 5 Minutes." checkOwnerExists="false"><IntegerField name="client_total_time" value="300000" operator=">="/></Filter></Filters><ExcludedFields/></Monitor></Monitors></PerformanceMonitor>,
SERVERCURRENTTIME:\00000013\2013-07-28 23:48:20,
DISABLE_PASSWORD_OTA_ENCRYPTION:N
},
1:\00000016\15:str:USTO-PAPP-PC010,
2:\000001fc\500:str:<ServerThread DB_TIME_COUNT="4" DB_TIME_MAX="2" SERVER_MACHINE_NAME="USTO-PAPP-PC010" DB_TIME_MIN="0" PROJECT="N/A" THREAD_ID="74B9833A-C9F0-43C6-9C50-4E2FC4728D83" FS_TIME_MIN="0" SERVER_START_TIME_MS="1375080500029" SERVER_TOTAL_TIME="12" FS_TIME_AVG="0" THREAD_TYPE="GetServerSettings" SERVER_CPU_TIME="15" FS_TIME_MAX="0" USER_NAME="N/A" FS_TIME_COUNT="0" PROJECT_SESSION_ID="-1" LOGIN_SESSION_ID="-1" THREAD_CATEGORY="FREC_REQUEST_CALL" SERVER_START_TIME="2013-07-28 23:48:20" DB_TIME_AVG="0" />,
3:"0:str:",
4:"0:pint:0"
}During Replay below is the request header and request body.
POST /qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment HTTP/1.1
Content-Type: text/html; charset=UTF-8
User-Agent: TeamSoft WinInet Component
Accept-Encoding: gzip
Accept: */*
Connection: Keep-Alive
Host: usto-papp-pc010:8080
Content-Length: 322
{
0: \0000001C\0:conststr:GetServerSettings,
1: \0000002F\0:conststr:74B9833A-C9F0-43C6-9C50-4E2FC4728D83,
2: "0:int:1",
3: "0:int:-1",
4: "0:conststr:",
5: "0:int:-1",
6: \0000006D\0:conststr:{
SERVER:\0000002d\http://usto-papp-pc010:8080/qcbin/wcomsrv.dll,
client_machine:USTO334386
}
,
7: "65536:str:0"
}During Replay below is the response header and the response body.
HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Set-Cookie: JSESSIONID=B6A742290A768992129488A888BC096E; Path=/qcbin; HttpOnly
Content-Type: text/html;charset=utf-8
Content-Length: 960
Date: Mon, 29 Jul 2013 07:17:40 GMT<html><head><title>JBoss Web/2.1.3.GA - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 403 - </h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>Access to the specified resource () has been forbidden.</u></p><HR size="1" noshade="noshade"><h3>JBoss Web/2.1.3.GA</h3></body></html>Here is the error message from the replay log, even if I am enable continue on error feature in the run time settings all the other requests are getting the same forbidden errors.
Starting action Action.
Action.c(3): Notify: Transaction "01_Home_Page_Load" started.
Action.c(5): Error -26628: HTTP Status-Code=403 (Forbidden) for "http://usto-papp-pc010:8080/qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment" [MsgId: MERR-26628]
Action.c(5): web_custom_request("TDAPI_GeneralWebTreatment") highest severity level was "ERROR", 960 body bytes, 281 header bytes [MsgId: MMSG-26388]
Action.c(5): Notify: Transaction "01_Home_Page_Load" ended with "Fail" status (Duration: 1.2389 Wasted Time: 0.5729).
Ending action Action.I noticed that dynamic values were not returned from the server as a response for the first client request to further correlate it.
The doubt I have provided value of -Dcom.mercury.td.http.authentication=false in the JVM Option Number key of ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HP
Application Lifecycle Management\Parameters’ and restarted the "HP ALM Service" is it not the correct way to disable the authentication feature?
I strongly believe it is not a correlation issue; please advise your valuable thoughts onto this.
Regards,
Srihari