This chapter describes issues associated with Oracle Product. It includes the following topics:
This section describes general issue and workarounds. It includes the following topic:
OPMN provides the
opmnctl command. The executable file is located in the following directories:
ORACLE_HOME/opmn/bin/opmnctl: The opmnctl command from this location should be used only to create an Oracle instance or a component for an Oracle instance on the local system. Any opmnctl commands generated from this location should not be used to manage system processes or to start OPMN.
On Windows, if you start OPMN using the opmnctl start command from this location, OPMN and its processes will terminate when the Windows user has logged out.
ORACLE_INSTANCE/bin/opmnctl: The opmnctl command from this location provides a per Oracle instance instantiation of opmnctl. Use opmnctl commands from this location to manage processes for this Oracle instance. You can also use this opmnctl to create components for the Oracle instance.
On Windows, if you start OPMN using the opmnctl start command from this location, it starts OPMN as a Windows service. As a result, the OPMN parent process, and the processes which it manages, persist after the MS Windows user has logged out.
If your environment contains both IPv6 and IPv4 network protocols, Fusion Middleware Control may return an error in certain circumstances.
If the browser that is accessing Fusion Middleware Control is on a host using the IPv4 protocol, and selects a control that accesses a host using the IPv6 protocol, Fusion Middleware Control will return an error. Similarly, if the browser that is accessing Fusion Middleware Control is on a host using the IPv6 protocol, and selects a control that accesses a host using the IPv4 protocol, Fusion Middleware Control will return an error.
For example, if you are using a browser that is on a host using the IPv4 protocol and you are using Fusion Middleware Control, Fusion Middleware Control returns an error when you navigate to an entity that is running on a host using the IPv6 protocol, such as in the following situations:
From the Oracle Internet Directory home page, you select Directory Services Manager from the Oracle Internet Directory menu. Oracle Directory Services Manager is running on a host using the IPv6 protocol.
From a Managed Server home page, you click the link for Oracle WebLogic Server Administration Console, which is running on IPv6.
You test Web Services endpoints, which are on a host using IPv6.
You click an application URL or Java application which is on a host using IPv6.
To work around this issue, you can add the following entry to the /etc/hosts file:
nnn.nn.nn.nn myserver-ipv6 myserver-ipv6.example.com
In the example, nnn.nn.nn.nn is the IPv4 address of the Administration Server host, myserver.example.com.
Note the following limitations in moving from test to production:
If your environment includes Oracle WebLogic Server which you have upgraded from one release to another (for example from 10.3.4 to 10.3.5), the pasteConfig scripts fails with the following error:
Oracle_common_home/bin/unpack.sh line29: WL_home/common/bin/unpack.sh No such file or directory
To work around this issue, edit the following file:
Add the following entries:
/wlserver_10.3/server/lib/unix/nodemanager.sh /wlserver_10.3/common/quickstart/quickstart.cmd /wlserver_10.3/common/quickstart/quickstart.sh /wlserver_10.3/uninstall/uninstall.cmd /wlserver_10.3/uninstall/uninstall.sh /utils/config/10.3/setHomeDirs.cmd /utils/config/10.3/setHomeDirs.sh
When you are moving Oracle Virtual Directory, the Oracle instance name in the source environment cannot be the same as the Oracle instance name in the target environment. The Oracle instance name in the target must be different than the name in the source.
After you move Oracle Virtual Directory from one host to another, you must add a self-signed certificate to the Oracle Virtual Directory keystore and EM Agent wallet on Host B. Take the following steps:
Set the ORACLE_HOME and JAVA_HOME environment variables.
Delete the existing self-signed certificate:
$JAVA_HOME/bin/keytool -delete -alias serverselfsigned -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks -storepass OVD_Admin_password
Generate a key pair:
$JAVA_HOME/bin/keytool -genkeypair -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks -storepass OVD_Admin_password -keypass OVD_Admin_password -alias serverselfsigned -keyalg rsa -dname "CN=Fully_qualified_hostname,O=test"
Export the certificate:
$JAVA_HOME/bin/keytool -exportcert -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks -storepass OVD_Admin_password -rfc -alias serverselfsigned -file ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt
Add a wallet to the EM Agent:
ORACLE_HOME/../oracle_common/bin/orapki wallet add -wallet ORACLE_INSTANCE/EMAGENT/EMAGENT/sysman/config/monwallet -pwd EM_Agent_Wallet_password -trusted_cert -cert ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt
Stop and start the Oracle Virtual Directory server.
Stop and start the EM Agent.
The copyConfig operation fails if you are using IPv6 and the Managed Server listen address is not set.
To work around this problem, set the Listen Address for the Managed Server in the Oracle WebLogic Server Administration Console. Navigate to the server. Then, on the Settings for server page, enter the Listen Address. Restart the Managed Servers.
When you are moving Oracle Platform Security and you are using an LDAP store, the LDAP store on the source environment must be running and it must be accessible from the target during the pasteConfig operation.
If you have configured WebGate with Oracle HTTP Server Release 18.104.22.168, you must apply the following patch to Oracle HTTP Server before you use the movement scripts:
This section describes configuration issues and their workarounds. It includes the following topics:
To use Windows Native Authentication (WNA) as the single sign-on mechanism between Fusion Middleware Control and Oracle WebLogic Server Administration Console, you must make changes to the following files:
These files are located in the em.ear file. You must explode the em.ear file, edit the files, then rearchive the em.ear file. Take the following steps (which assume that while the front end is on Windows, the em.ear file is on UNIX):
Set the JAVA_HOME environment variable. For example:
setenv JAVA_HOME /scratch/Oracle/Middleware/jrockit_160_05_R27.6.2-20
Change to the directory containing the em.ear, and explode the file. For example:
cd /scratch/Oracle/Middleware/user_projects/applications/domain_name JAVA_HOME/bin/jar xvf em.ear em.war JAVA_HOME/bin/jar xvf em.war WEB-INF/web.xml JAVA_HOME/bin/jar xvf em.war WEB-INF/weblogic.xml
Edit web.xml, commenting out the first login-config block and uncommenting the login-config block for WNA. (The file contains information about which block to comment and uncomment.) When you have done this, the portion of the file will appear as in the following example:
<!--<login-config> <auth-method>CLIENT-CERT</auth-method> </login-config> --> <!-- the following block is for Windows Native Authentication, if you are using WNA, do the following: 1. uncomment the following block 2. comment out the previous <login-config> section. 3. you also need to uncomment a block in weblogic.xml --> <login-config> <auth-method>CLIENT-CERT,FORM</auth-method> <form-login-config> <form-login-page>/faces/targetauth/emasLogin</form-login-page> <form-error-page>/login/LoginError.jsp</form-error-page> </form-login-config> </login-config> <security-constraint> . . . <security-role> <role-name>Monitor</role-name> </security-role>
Edit weblogic.xml, uncommenting the following block. (The file contains information about which block to uncomment.) When you have done this, the portion of the file will appear as in the following example:
<!-- the following block is for Windows Native Authentication, if you are using WNA, uncomment the following block. --> <security-role-assignment> <role-name>Admin</role-name> <externally-defined/> </security-role-assignment> . . . <security-role-assignment> <role-name>Deployer</role-name> <externally-defined/> </security-role-assignment>
Rearchive the em.ear file. For example:
JAVA_HOME/bin/jar uvf em.war WEB-INF/web.xml JAVA_HOME/bin/jar uvf em.war WEB-INF/weblogic.xml JAVA_HOME/bin/jar uvf em.ear em.war
This section contains documentation errata and updates for the Oracle Fusion Middleware Administrator's Guide:
In the procedure for moving Oracle Privileged Account Manager to a target environment, the following step is not required:
ORACLE_HOME path is different in the source and the target environments, then you must manually update some references in
DOMAIN_HOME/config/fmwconfig/opam/-config.xml. These references include lines with
bundleJar locations that point to jar files in
For example, in a default set-up, the lines with
bundleJar references include:
<connector bundleJar="ORACLE_HOME/connectors/ldap/bundle/ org.identityconnectors.ldap-1.0.6380.jar" targetType="ldap"> <connector bundleJar="ORACLE_HOME/connectors/genericunix/bundle/org.identityconnectors.genericunix-1.0.0.jar"targetType="unix"> <connector bundleJar="ORACLE_HOME/connectors/dbum/bundle/ org.identityconnectors.dbum-1.0.1116.jar" targetType="database">
ORACLE_HOME is the correct path for the target environment, because the value from a source environment would have been migrated.
See "Move Oracle Privileged Account Manager to a New Target Environment" in the Oracle Fusion Middleware Administrator's Guide.
In the task "Move Access Manager 11g to a New Target Environment" in the section "Moving Identity Management to a New Target Environment", you need to manually copy the obAccessclient.xml file only if you are not also moving WebGate.
In the task "Move Oracle Identity Manager to a New Target Environment" in the section "Moving Identity Management to a New Target Environment", note the following and perform edit, if necessary, after you copy exported custom reconciliation profiles to the target system:
If a reconciliation profile is imported in any MDS environment with the attribute configure="true," it automatically generates all the required configuration for that environment and updates this property to false. In this case, after you export this profile from source environment, edit the file and add the configure='true' property before importing to the target environment.