Can't fetch service configuration form KNIME server in Call Workflow Service

I tried using the new Call Workflow Service with a workflow on KNIME Server. The connection works, I can execute the workflow on the server manually. The workflow contains one Workflow Service Input node.

I started by adding a KNIME Server Connector and the node works. I connected it to the Call Workflow Service node. I can open the configuration dialog and I can select a remote workflow.

Bildschirmfoto 2021-12-22 um 13.51.06

However, the node fails to fetch the configuration from the remote workflow. I get a https related error that I do not really understand:

Error: java.io.IOException: IOException invoking https://my-server.com:8443/knime/rest/v4/MGI(2):openapi: HTTPS hostname wrong: should be <my-server.com>

The hostname is identical under both black boxes.

Any ideas what this error means?

Hi @mpreusse,

what KNIME Server version do you have running? Maybe your server is on an older version (<4.14) and doesn’t understand the new node’s request.

This is just a guess though, any other tests and ideas are welcome.

Kind regards
Marvin

Thanks @marvin.kickuth. I’m running KNIME Server 4.14.0.

I checked the logs on the server and there is nothing related to the error. On client side there is only a log entry similar to the error message, no additional information.

I checked different workflows and always get the same error.

2021-12-22 23:33:23,330 : WARN  : main :  : WrappedNodeDialog : Call Workflow Service : 4:4 : failed to apply settings: Cannot apply configuration when workflow parameters could not be successfully fetched.
org.knime.core.node.InvalidSettingsException: Cannot apply configuration when workflow parameters could not be successfully fetched.
        at org.knime.core.node.util.CheckUtils.checkSetting(CheckUtils.java:269)
        at org.knime.core.node.util.CheckUtils.checkSetting(CheckUtils.java:219)
        at org.knime.workflowservices.knime.caller.CallWorkflowNodeDialog.saveSettingsTo(CallWorkflowNodeDialog.java:279)
        at org.knime.core.node.NodeDialogPane.internalSaveSettingsTo(NodeDialogPane.java:532)
        at org.knime.core.node.NodeDialogPane$4.run(NodeDialogPane.java:766)
        at org.knime.core.node.util.ViewUtils$3.run(ViewUtils.java:353)
        at org.knime.core.node.util.ViewUtils$2.run(ViewUtils.java:155)
        at java.desktop/java.awt.event.InvocationEvent.dispatch(Unknown Source)
        at java.desktop/java.awt.EventQueue.dispatchEventImpl(Unknown Source)
        at java.desktop/java.awt.EventQueue$4.run(Unknown Source)
        at java.desktop/java.awt.EventQueue$4.run(Unknown Source)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
        at java.desktop/java.awt.EventQueue.dispatchEvent(Unknown Source)
        at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
        at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
        at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
        at java.desktop/java.awt.EventDispatchThread.pumpEvents(Unknown Source)
        at java.desktop/java.awt.EventDispatchThread.pumpEvents(Unknown Source)
        at java.desktop/java.awt.EventDispatchThread.run(Unknown Source)
1 Like

Hi @mpreusse

at second inspection of the error message, I’m guessing this may be related to the SSL certificate that the KNIME Server has been given (see the answer of this stackoverflow question).

Should the http port (8080 by default) be active, could you run a test with http? Could you hover over the server mountpoint to check whether you login via http or https?

Kind regards
Marvin

1 Like

Thanks @marvin.kickuth!

I used https. With http it works!

I don’t understand why though. All other operations work with https. I can connect to KNIME Server, start workflows, collect results etc.

It’s a Let’s Encrypt certificate for a subdomain: server1.my-company.com

Can I set something like a base URL in the KNIME Server settings?

Hi @mpreusse

I’m also somewhat confused by only the Call Workflow Service not accepting the certificate.

You can set the canonical address of the KNIME Server, see com.knime.server.canonical-address in the WebPortal under Administration > Configuration, though this likely is correct already.

I could also imagine proxies being an issue here. Maybe the Call Workflow Service doesn’t use a possibly configured proxy. Could you check File > Preferences > General > Network Connections, whether any Proxy entries are ticked?

I don’t want to rule out that the certificate is checked with different standards than other connections. In this case, we’d need to look into the details of the certificate – maybe e.g. intermediate certificate authorities (CA’s) need to be added to the certificate chain, or some other detail is not quite right, which may take some time to locate and we would require more details about the exact error and certificate used. Hopefully it is just a proxy setting that is causing this. :smiley:

Kind regards
Marvin

1 Like

Thanks for the ideas @marvin.kickuth.

There is no proxy unfortunately. Also, I changed the com.knime.server.canonical-address to the https URL but it does not change anything.

The only functionality that does not work is fetching the parameters in the Call Workflow Service node. In the configuration of that node I can see the list of remote workflows, refresh it, and select a workshop. Only the next step, fetching the parameters, throws an error.

Is it possible that there is a difference in the way how the request is handled in that particular function?

I would like to share more details but there is nothing in the logs except what I posted above. There is nothing about https/SSL in the stack trace. Is it possible to switch to more verbose logging mode?

@marvin.kickuth do you have any idea how to follow up here? I think it might not be connected to SSL in the end, everything else works.

I can use http for now but that’s not a particulary good idea if this goes to prodution :slight_smile:

Hi @mpreusse,

I’ll reach out to our developers to see how the calls differ. For now I’m out of ideas though. I agree that this isn’t a state we should leave things. You can adjust the log level of your local, calling workflow under File > Preferences > KNIME (log file), or File > Preferences > KNIME > KNIME GUI (console view in KNIME). I’m not sure whether we’ll get more useful information from that though.

Kind regards
Marvin

Thanks @marvin.kickuth! I tried setting the log level to debug. There is no additional error message that helps to understand the problem.

1 Like

Hi @mpreusse,

we discussed this with the developers today and we regularly run a lot of test in a HTTPS+SSL environment, where everything works fine. To me, this looks like something that needs fixing on the infrastructure level, rather than on the KNIME side.

Kind regards,
Carl

Thanks @CarlWitt, that makes sense of course.

Unfortunately, there is nothing in the logs that helps me to find the problem on infrastructure side. Is there a way to look deeper into the problem?

Hi @mpreusse,

I’m sorry, but I’m afraid I can’t be of further assistance.

Hi @mpreusse,

very sorry for the sporadic replies. I’m sure openssl can give us some information on the certificate, but I haven’t gotten around to the details (neither the command, nor the needed information). I hope to be able to update you on this.

Kind regards
Marvin

2 Likes

Thanks @marvin.kickuth,

I think this will be difficult to debug. I’ll try on another server or maybe with a new certificate.

As mentioned above, a bit more detail in the error message would help :slight_smile:

1 Like