4 Oracle Fusion Middleware Administration

This chapter describes issues associated with Oracle Fusion Middleware administration. It includes the following topics:

Note:

This chapter contains issues you might encounter while administering any of the Oracle Fusion Middleware products.

Be sure to review the product-specific release note chapters elsewhere in this document for any additional issues specific to the products you are using.

4.1 General Issues and Workarounds

This section describes general issue and workarounds. It includes the following topic:

4.1.1 Fusion Middleware Control May Return Error in Mixed IPv6 and IPv4 Environment

If your environment contains both IPv6 and IPv4 network protocols, Fusion Middleware Control may return an error in certain circumstances.

If the browser that is accessing Fusion Middleware Control is on a host using the IPv4 protocol, and selects a control that accesses a host using the IPv6 protocol, Fusion Middleware Control will return an error. Similarly, if the browser that is accessing Fusion Middleware Control is on a host using the IPv6 protocol, and selects a control that accesses a host using the IPv4 protocol, Fusion Middleware Control will return an error.

For example, if you are using a browser that is on a host using the IPv4 protocol and you are using Fusion Middleware Control, Fusion Middleware Control returns an error when you navigate to an entity that is running on a host using the IPv6 protocol, such as in the following situations:

  • From the Oracle Internet Directory home page, you select Directory Services Manager from the Oracle Internet Directory menu. Oracle Directory Services Manager is running on a host using the IPv6 protocol.

  • From a Managed Server home page, you click the link for Oracle WebLogic Server Administration Console, which is running on IPv6.

  • You test Web Services endpoints, which are on a host using IPv6.

  • You click an application URL or Java application which is on a host using IPv6.

To work around this issue, you can add the following entry to the /etc/hosts file:

nnn.nn.nn.nn  myserver-ipv6 myserver-ipv6.example.com

In the example, nnn.nn.nn.nn is the IPv4 address of the Administration Server host, myserver.example.com.

4.1.2 Deploying JSF Applications

Some JSF applications may experience a memory leak due to incorrect Abstract Window Toolkit (AWT) application context classloader initialization in the Java class library. Setting the oracle.jrf.EnableAppContextInit system property to true will attempt eager initialization of the AWT application context classloader to prevent this leak from occurring. By default, this property is set to false.

4.1.3 Limitations in Cloning

Note the following limitations in cloning:

  • When you execute the pasteBinary command, the -executesysprereqs option is set to true by default. If you set it to false, the operation fails. To work around this problem, either do not pass the option to the pasteBinary command, or set it to true.

  • When you are cloning Oracle Virtual Directory, the Oracle instance name in the source environment cannot be the same as the Oracle instance name in the target environment. The Oracle instance name in the target must be different than the name in the source.

  • After you clone Oracle Virtual Directory from one host to another, you must add a self-signed certificate to the Oracle Virtual Directory keystore and EM Agent wallet on Host B. Take the following steps:

    1. Set the ORACLE_HOME and JAVA_HOME environment variables.

    2. Delete the existing self-signed certificate:

      $JAVA_HOME/bin/keytool -delete -alias serverselfsigned
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks
        -storepass OVD_Admin_password 
      
    3. Generate a key pair:

      $JAVA_HOME/bin/keytool -genkeypair
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks
        -storepass OVD_Admin_password -keypass OVD_Admin_password -alias serverselfsigned
        -keyalg rsa -dname "CN=Fully_qualified_hostname,O=test" 
      
    4. Export the certificate:

      $JAVA_HOME/bin/keytool -exportcert
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks
        -storepass OVD_Admin_password -rfc -alias serverselfsigned
        -file ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt 
      
    5. Add a wallet to the EM Agent:

      ORACLE_HOME/../oracle_common/bin/orapki wallet add
        -wallet ORACLE_INSTANCE/EMAGENT/EMAGENT/sysman/config/monwallet
        -pwd EM_Agent_Wallet_password -trusted_cert
        -cert ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt 
      
    6. Stop and start the Oracle Virtual Directory server.

    7. Stop and start the EM Agent.

4.1.4 Limitations in Moving Oracle Business Process Management from Test to Production Environment

Note the following limitations when moving Oracle Business Process Management from a test envrionment to a production environment:

  • When you move Oracle Business Process Management from a test environment to a production environment as described in the Task "Move Oracle Business Process Management to the New Production Environment" in the Oracle Fusion Middleware Administrator's Guide, Oracle Business Process Management Organization Units are not imported.

    To work around this issue, you must re-create the Organization Units in the production environment. In addition, if any Organization associations with the Calendar rule for the Role exist in the test environment, you must re-create them, using the Roles screen.

    For information, see "Working with Organizations" in the Oracle Fusion Middleware Modeling and Implementation Guide for Oracle Business Process Management.

  • Oracle recommends that you move artifacts and data into a new, empty production environment. If the same artifacts are present or some data has been updated on the production environment, the procedure does not update those artifacts.

4.1.5 Message Returned with Incorrect Error Message Level

In Fusion Middleware Control, when you select a metadata repository, the following error messages are logged:

Partitions is NULL
Partitions size is 0 

These messages are logged at the Error level, which is incorrect. They should be logged at the debug level, to provide information.

4.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

4.2.1 Must Stop Oracle SOA Suite Managed Server Before Stopping soa-infra

Using Fusion Middleware Control, if you stop a Oracle SOA Suite Managed Server before you stop soa-infra, then you start the Managed Server, the soa-infra application is not restarted automatically. If you try to restart the soa-infra, you will received an error. When you encounter the problem, you cannot close the dialog box in the browser, so you cannot take any further actions in Fusion Middleware Control.

To avoid this situation, you should stop the Managed Server, which stops all applications, including the soa-infra application. To start the Managed Server and the soa-infra, start the Managed Server.

To close the browser dialog box, enter the following URL in your browser:

http://host:port/em

4.2.2 Configuring Fusion Middleware Control for Windows Native Authentication

To use Windows Native Authentication (WNA) as the single sign-on mechanism between Fusion Middleware Control and Oracle WebLogic Server Administration Console, you must make changes to the following files:

  • web.xml

  • weblogic.xml

These files are located in the em.ear file. You must explode the em.ear file, edit the files, then rearchive the em.ear file. Take the following steps (which assume that while the front end is on Windows, the em.ear file is on UNIX):

  1. Set the JAVA_HOME environment variable. For example:

    setenv JAVA_HOME /scratch/Oracle/Middleware/jrockit_160_05_R27.6.2-20 
    
  2. Change to the directory containing the em.ear, and explode the file. For example:

    cd /scratch/Oracle/Middleware/user_projects/applications/domain_name
    JAVA_HOME/bin/jar xvf em.ear em.war 
    JAVA_HOME/bin/jar xvf em.war WEB-INF/web.xml
    JAVA_HOME/bin/jar xvf em.war WEB-INF/weblogic.xml
    
  3. Edit web.xml, commenting out the first login-config block and uncommenting the login-config block for WNA. (The file contains information about which block to comment and uncomment.) When you have done this, the portion of the file will appear as in the following example:

    <!--<login-config>
         <auth-method>CLIENT-CERT</auth-method>
       </login-config>
    -->  
     <!--
      the following block is for Windows Native Authentication, if you are using
     WNA, do the following:
        1. uncomment the following block
        2. comment out the previous <login-config> section.
        3. you also need to uncomment a block in weblogic.xml
     -->
       <login-config>
         <auth-method>CLIENT-CERT,FORM</auth-method>
         <form-login-config>
           <form-login-page>/faces/targetauth/emasLogin</form-login-page>
           <form-error-page>/login/LoginError.jsp</form-error-page>
         </form-login-config>
       </login-config>
       <security-constraint>
     .
     .
     .
       <security-role>
         <role-name>Monitor</role-name>
       </security-role>
     
    
  4. Edit weblogic.xml, uncommenting the following block. (The file contains information about which block to uncomment.) When you have done this, the portion of the file will appear as in the following example:

     <!--
     the following block is for Windows Native Authentication, if you are using
     WNA, uncomment the following block.
     -->
      <security-role-assignment>
         <role-name>Admin</role-name>
         <externally-defined/>
       </security-role-assignment>
     .
     .
     .
       <security-role-assignment>
         <role-name>Deployer</role-name>
         <externally-defined/>
       </security-role-assignment>
    
  5. Rearchive the em.ear file. For example:

    JAVA_HOME/bin/jar uvf em.war WEB-INF/web.xml
    JAVA_HOME/bin/jar uvf em.war WEB-INF/weblogic.xml
    JAVA_HOME/bin/jar uvf em.ear em.war 
    

4.2.3 Fusion Middleware Control Does Not Keep Column Preferences in Log Viewer Pages

In Fusion Middleware Control, you can reorder the columns in the pages that display log files and log file messages. However, if you navigate away from the page and then back to it, the columns are set to their original order.

4.2.4 Topology Viewer Does Not Display Applications Deployed to a Cluster

In Fusion Middleware Control, the Topology Viewer does not display applications that are deployed to a cluster.

4.2.5 Changing Log File Format

When you change the log file format note the following:

  • When you change the log file format from text to xml, specify the path, but omit the file name. The new file will be named log. xml.

  • When you change the log file format from xml to text, specify both the path and the file name.

4.2.6 SSL Automation Tool Configuration Issues

The following issues have been observed when using the SSL Automation tool:

  • The script creates intermediate files that contain passwords in clear text. If the script fails, these files might not be removed. After a script failure, delete all files under the rootCA directory.

  • If Oracle Internet Directory password policy is enabled, passwords entered for wallet or keystore fail if they violate the policy.

  • Before you run the script, you must have JDK 1.6 installed and you must have JAVA_HOME set in your environment.

  • If the Oracle Virtual Directory configuration script fails, check the run log or enable debug for the shell script to view specific errors. If the error message looks similar to this, rerun the script with a new keystore name:

    WLSTException: Error occured while performing cd : Attribute 
    oracle.as.ovd:type=component.listenersconfig.sslconfig,name=LDAP SSL 
    Endpoint,instance=%OVD_INSTANCE%,component=ovd1 not found