Loading

Error "Could not connect to TSM Controller at 'https://servername:8850'" Running TSM Commands

Дата публикации: Feb 24, 2026
Описание

When running any TSM command, the following error occurs: 


Could not connect to TSM Controller at 'https://servername:8850'

Alternately, the following error occurs:

           Unable to verify the server's HTTPS certificate.

However, running the following command will be successful:
tsm status -v --trust-admin-controller-cert

Some basic verification steps can be performed to confirm the issue is occurring due to the TSM certificate expiring, and not other possible causes:
 
 
Step 1:
Verify Tableau Server portal is running fine but the TSM WebUI is not accessible by running the following commands (Linux example):
# sudo su -l tableau
# systemctl status tabadmincontroller_0 

These commands will show the service is active and running, yet you still cannot connect to TSM.

Step 2:

Telnet to port 8850 to verify it is working:

# telnet localhost 8850
Trying ::1...
Connected to localhost.
Escape character is '^]'.


If the certificate is invalid, you will see this error message in the  ~/.tableau/tsm/tsm.log

2019-03-15 15:09:57 main : ERROR com.tableausoftware.tabadmin.ServerApi - Exception sending request
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://localhost.localdomain:8850/api/0.5/login": 
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: 
validity check failed; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

Note: The TSM log may show 'timestamp check failed' as the suffix of the above error message instead of 'validity check failed'.

 

Cause

Earlier versions of Tableau Server used a TSM Controller certificate which expired after one year.  Currently, the certificate lasts up to three years and a new certificate is installed on upgrades.

Решение

TSM uses a self-signed SSL certificate that is generated at time of installation.  In earlier versions, a full Tableau Server reinstall was required to regenerate a new SSL cert.  In current versions, a reinstall of the tabadmincontroller can be performed to generate a new certificate. 

Current releases have added a flag, --trust-admin-controller-cert, to tsm and the upgrade-tsm script.  To perform this resolution, you need to install the same version family.  For example, if using Tableau Server 2021.4.1, you will need to install Tableau Server 2021.4.1+.
 

Option 1

Perform the following when it is not possible to access TSM from the command line and trying to upgrade from an old version to a current version that has the new flag.

Access that version's TSM with the --trust-admin-controller-cert flag as: 

/opt/tableau/tableau_server/packages/bin.<version_code>/tsm stop --trust-admin-controller-cert

where <version code> is the newly installed Tableau Server build version number which you can find on the releases page for that Tableau Server version.

e.g. Please try  tsm data-access repository-access enable --repository-username readonly --repository-password <PASSWORD> --trust-admin-controller-cert

Note: For TSM CLI connections from remote computers, you will be prompted to trust the Tableau installation CA certificate the first time you connect to the Tableau Server running TSM Administration Controller. You can choose to trust the CA certificate, in which case you will not be prompted again on that computer until the certificate expires (default is 3 years). Or you can connect with a one-time trust by running your TSM command with the --trust-admin-controller-cert flag .

 

Option 2

Reinstall of the tabadmincontroller can be performed on currently supported versions to generate a new certificate using the following steps:

Windows:

    1. Open a Command Prompt as administrator (right click command prompt and select "run as administrator")
    2. Stop the Tableau Server from the command prompt by running the following command:
      tsm stop --trust-admin-controller-cert
    3. Navigate to C:\ProgramData\Tableau\Tableau Server\data\tabsvc\services\tabadmincontroller_<version>.
      Note: This is the default path. Your Tableau Server path may be different if you installed Tableau Server to a non-default path.
    4. Run "uninstall.cmd". Exit code 0 means it was successful.
    5. Run "Install.cmd". Exit code 0 means it was successful.
    6. Restart the Tableau Server computer.
    7. Start the Tableau Server using the TSM web UI or using "tsm start"

Linux:

    1. Stop the Tableau Server from the command prompt by running the following command:
      tsm stop --trust-admin-controller-cert
    2. Enter the following into the command prompt:
      sudo su - tableau
    3. Navigate to /var/opt/tableau/tableau_server/data/tabsvc/services/tabadmincontroller_<version>
    4. Run ./uninstall.sh
    5. Run ./install.sh
    6. Exit the command prompt
    7. Restart the Tableau Server computer.
    8. Start the Tableau Server using the TSM web UI or using "tsm start"

See the following information:

 

Option 3

Upgrade Tableau Server by following the directions in the Tableau Online Help for the appropriate operating system being used. When running the upgrade-tsm script, use the --trust-admin-controller-cert flag.

Дополнительные ресурсы

To verify your TSM Controller SSL certificate's expiration date, enter the following commands in the terminal on the computer running Tableau Server Primary Node (Linux instructions):

 #openssl s_client -connect localhost:8850
 # echo | openssl s_client -connect localhost:8850  2>/dev/null | openssl x509 -noout -dates
Note that in the above commands, the # just denotes the shell prompt and is not part of the command, and the leading space before "echo" in the second command is required.

For Windows:

1. Open Command Prompt as Administrator

2. Navigate to Tableau’s OpenSSL directory, for example:
cd C:\Program Files\Tableau\Tableau Server\packages\apache.20242.26.0109.0334\bin
(This example is based on Tableau Server 2024.2. The path may differ for other versions.)

3. Run the following command to check the certificate interactively:
openssl s_client -connect localhost:8850

4. To display the certificate validity dates directly, run:
echo | openssl s_client -connect localhost:8850 2>nul | openssl x509 -noout -dates

You will see output similar to the following:

notBefore=Feb 4 05:49:44 2026 GMT
notAfter=Feb 4 05:49:44 2027 GMT 

Номер статьи базы знаний

001471255

 
Загрузка
Salesforce Help | Article