Skip Headers
Oracle® Application Server Administrator's Guide
10
g
Release 3 (10.1.3)
B25209-03
Home
Solution Area
Index
Next
Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documentation
Conventions
What's New in Oracle Application Server Administration?
New Features for 10
g
Release 3 (10.1.3)
Part I Getting Started
1
Getting Started After Installing Oracle Application Server
1.1
Understanding Oracle Application Server 10
g
Release 3 (10.1.3)
1.2
Task 1: Set Up Environment Variables
1.3
Task 2: Use the Oracle Application Server Welcome Page
1.4
Task 3: Check Your Port Numbers
1.5
Task 4: Get Started with Managing Components
1.5.1
Getting Started with Oracle Process Manager and Notification Server (OPMN)
1.5.2
Getting Started with Oracle HTTP Server
1.5.3
Getting Started with Oracle Containers for J2EE (OC4J)
1.5.4
Getting Started with Oracle Business Rules
1.5.5
Getting Started with Oracle TopLink
1.6
Task 5: Enable SSL (Optional)
2
Introduction to Administration Tools
2.1
Overview of Oracle Application Server Administration Tools
2.1.1
Managing Oracle Application Server with Oracle Enterprise Manager 10
g
Application Server Control
2.1.2
Managing Oracle Application Server Using the OPMN Command Line
2.1.3
Managing Oracle Application Server Using the admin_client.jar Utility
2.1.4
Using Other Tools to Monitor the Built-In Performance Metrics
2.2
About Oracle Enterprise Manager 10
g
Application Server Control
2.2.1
Application Server Control New Features for 10g Release 3 (10.1.3)
2.2.1.1
Lightweight Architecture
2.2.1.2
Standards-Based Management
2.2.1.3
Remote Management
2.2.1.4
Role-Based Administration
2.2.2
About the Application Server Control Underlying Technologies
2.2.3
Using the Application Server Control Console Online Help
2.3
Getting Started with the Application Server Control Console
2.3.1
Displaying the Application Server Control Console
2.3.1.1
Using the Application Server Control Console URL
2.3.1.2
Displaying the Application Server Control Console from the Welcome Page
2.3.2
Using Application Server Control to View and Manage an OC4J Instance
2.3.3
Creating Administrative Users and Assigning Administrative Roles
2.3.4
Using Application Server Control to View the Application Server Components
2.3.5
Using Application Server Control to Manage a Cluster Topology
2.3.5.1
Viewing the Cluster Topology and Locating the Active Application Server Control
2.3.5.2
Enabling Remote Management by Setting Administrator Credentials
2.3.6
Using Application Server Control to Manage Groups
2.3.6.1
How Groups Are Formed
2.3.6.2
Advantages of Using Groups
2.3.6.3
Group Considerations During the Oracle Application Server Installation
2.3.7
About MBeans and the Application Server Control MBean Browsers
2.3.7.1
Viewing the System MBean Browser
2.3.7.2
Viewing the MBeans for a Selected Application
2.3.7.3
Viewing the Cluster MBean Browser
3
Starting and Stopping
3.1
Overview of Starting and Stopping Procedures
3.2
Starting and Stopping Application Server Instances
3.2.1
Starting a Middle-Tier Instance
3.2.2
Stopping a Middle-Tier Instance
3.3
Starting and Stopping Components
3.3.1
Starting and Stopping Components Using opmnctl
3.3.2
Starting and Stopping Components Using Application Server Control Console
3.4
Starting and Stopping an Oracle Application Server Environment
3.4.1
Starting an Oracle Application Server Environment
3.4.2
Stopping an Oracle Application Server Environment
3.4.3
Starting 10.1.2 OracleAS Infrastructure
3.4.4
Stopping 10.1.2 OracleAS Infrastructure
3.5
Starting and Stopping: Special Topics
3.5.1
Starting and Stopping in High Availability Environments
3.5.2
Enabling and Disabling Components
3.5.3
Resolving OC4J Errors When Starting Multiple Instances
Part II Basic Administration
4
Managing Ports
4.1
About Managing Ports
4.2
Viewing Port Numbers
4.3
Changing Middle-Tier Ports
4.3.1
Changing OC4J Ports
4.3.2
Changing the Oracle HTTP Server Listen Ports
4.3.2.1
Enabling Oracle HTTP Server to Run as Root for Ports Set to Less Than 1024 (Unix Only)
4.3.2.2
Changing the Oracle HTTP Server Non-SSL Listen Ports
4.3.2.3
Changing the Oracle HTTP Server SSL Listen Port
4.3.3
Changing the Oracle HTTP Server Diagnostic Port
4.3.4
Changing the Java Object Cache Port
4.3.5
Changing OPMN Ports (ONS Local, Request, and Remote)
4.3.6
Changing the Port Tunneling Port
4.4
Changing 10.1.2 Infrastructure Ports
4.4.1
Changing 10.1.2 Oracle Internet Directory Ports
4.4.2
Changing the HTTP Server Port on a 10.1.2 Identity Management Installation
5
Managing Log Files
5.1
Listing and Viewing Log Files with Application Server Control
5.1.1
Viewing Log Files
5.1.2
Listing Log Files for Components
5.1.3
Searching Log Files and Viewing Messages
5.1.4
Using Regular Expressions with Search
5.2
Understanding Oracle Application Server Logging
5.2.1
Understanding Log File Formats and Naming
5.2.1.1
ODL Message Formatting and ODL Log File Naming
5.2.1.2
Log File Messages by Component
5.2.2
Configuring Component Logging Options
5.3
Diagnosing Problems and Correlating Messages
5.3.1
Correlating Messages Across Log Files and Components
5.3.2
Diagnosing Component Problems
5.4
Advanced Logging Topics
5.4.1
Understanding ODL Messages and ODL Log Files
5.4.1.1
ODL Message Contents
5.4.1.2
ODL Log File Naming
5.4.2
Component Diagnostic Log File Registration
5.4.3
Configuring Components to Produce ODL Messages
5.4.3.1
Configuring Oracle HTTP Server to Produce ODL Messages
5.4.3.2
Configuring OC4J to Produce ODL Messages
5.4.4
Managing OC4J Redirected stderr and stdout Files
5.4.5
Configuration Issue for Log Files
Part III Advanced Administration
6
Reconfiguring Application Server Instances
6.1
Configuring Cluster Topologies
6.1.1
Configuring a Web Server and OC4J on Separate Hosts
6.1.2
Configuring Multiple OC4J Middle Tiers in a Cluster
6.2
Adding and Deleting OC4J Instances
6.2.1
Adding OC4J Instances
6.2.2
Removing OC4J Instances
6.3
Configuring 10.1.2 OracleAS Web Cache as a Reverse Proxy
6.3.1
Configuring an OracleAS Web Cache Instance as a Reverse Proxy
6.3.2
Configuring an OracleAS Web Cache Cluster as a Reverse Proxy
6.4
Configuring Oracle Application Server 10.1.2 with Oracle Application Server 10.1.3
6.5
Configuring Instances to Use 10.1.2 and 9.0.4 Oracle Identity Management
6.5.1
Configuring Instances to Use 10.1.2 Oracle Identity Management
6.5.2
Configuring Instances to Use 9.0.4 Oracle Identity Management
6.6
Disabling and Enabling Anonymous Binds
6.6.1
Disabling Anonymous Binds for Run-Time Environments
6.6.2
Enabling Anonymous Binds for Configuration Changes
7
Changing Network Configurations
7.1
Overview of Procedures for Changing Network Configurations
7.2
Changing the Hostname, Domain Name, or IP Address
7.2.1
Understanding the chgiphost Command
7.2.2
Changing the Hostname or Domain Name of a Middle-Tier Installation
7.2.3
Changing the Hostname, Domain Name, or IP Address of a 10.1.2 Identity Management Installation
7.2.4
Changing the IP Address of a 10.1.2 Infrastructure Containing a Metadata Repository
7.2.5
Special Topics for Changing a Hostname or Domain Name
7.2.5.1
Setting the Log Level for chgiphost
7.2.5.2
Customizing the chgiphost Command
7.2.5.3
Changing a Hostname After Upgrading from Windows 2000 to Windows 2003
7.2.5.4
Recovering from Errors When Changing a Hostname
7.3
Moving Between Off-Network and On-Network
7.3.1
Moving from Off-Network to On-Network (Static IP Address)
7.3.2
Moving from Off-Network to On-Network (DHCP)
7.3.3
Moving from On-Network to Off-Network (Static IP Address)
7.3.4
Moving from On-Network to Off-Network (DHCP)
7.4
Changing Between a Static IP Address and DHCP
7.4.1
Changing from a Static IP Address to DHCP
7.4.2
Changing from DHCP to a Static IP Address
8
Changing Infrastructure Services
8.1
Overview of Procedures for Changing Identity Management Services
8.2
Changing the Oracle Internet Directory or Oracle HTTP Server Ports on Identity Management Installations
8.3
Changing Oracle Internet Directory from Dual Mode to SSL Mode
8.3.1
Restrictions on Security Provider for Application Server Control
8.3.2
Procedure
8.4
Moving 10.1.2 or 9.0.4 Identity Management to a New Host
8.4.1
Sample Uses for This Procedure
8.4.2
Assumptions and Restrictions
8.4.3
Procedure for Moving Identity Management to a New Host
8.4.4
Strategy for Performing Failover with This Procedure
9
Cloning Application Server Middle-Tier Instances
9.1
Introduction to Cloning
9.2
What Installation Types Can You Clone?
9.3
Understanding the Cloning Process
9.3.1
Source Preparation Phase
9.3.2
Cloning Phases
9.4
Cloning Oracle Application Server Instances
9.4.1
Prerequisites for Cloning
9.4.2
Copy the Cloning Scripts
9.4.3
Preparing the Source
9.4.4
Cloning the Instance
9.4.5
Locating and Viewing Log Files
9.4.6
Cloning Instances That Are Members of a Cluster Topology
9.5
Considerations and Limitations for Cloning
9.5.1
General Considerations and Limitations for Cloning
9.5.2
Considerations for Cloning Oracle HTTP Server
9.5.3
Considerations for Cloning Oracle Containers for J2EE (OC4J)
9.5.4
Considerations for Cloning Application Server Control
9.6
Customizing the Cloning Process
9.6.1
Specifying Oracle Universal Installer Parameters
9.6.2
Assigning Custom Ports
9.6.3
Updating Custom Data
9.7
Example: Using Cloning to Expand an Oracle Application Server Cluster
10
Changing from a Test to a Production Environment
10.1
Scenario 1: Moving J2EE Applications from a Test Middle Tier Without Oracle Identity Management to a New Production Environment
10.1.1
Preexisting Configuration Assumptions
10.1.2
Procedure
10.2
Scenario 2: Moving J2EE Applications from a Test Middle Tier with Oracle Identity Management to a New Production Environment
10.2.1
Preexisting Configuration Assumptions
10.2.2
Procedure
10.3
Scenario 3: Creating a Test Environment for Development and Rolling Out J2EE Applications to a Production Environment with a Preexisting Oracle Identity Management
10.3.1
Example 1: Installing a New Production Middle-Tier Instance
10.3.1.1
Preexisting Configuration Assumptions
10.3.1.2
Procedure
10.3.2
Example 2: Pointing the Test Middle Tier to the Production Oracle Identity Management
10.3.2.1
Preexisting Configuration Assumptions
10.3.2.2
Procedure
10.3.3
Common Procedures for Examples in Scenario 3
Part IV Secure Sockets Layer (SSL)
11
Overview of Secure Sockets Layer (SSL) in Oracle Application Server
11.1
What SSL Provides
11.2
About Private and Public Key Cryptography
11.3
How an SSL Session Is Set Up (the "SSL Handshake")
11.4
Requirements for Using SSL in Oracle Application Server
11.5
Certificates and Oracle Wallets
11.5.1
How to Get a Certificate
11.5.2
Oracle Wallet
11.5.3
Client Certificates
11.6
SSL Configuration Overview
11.6.1
Default SSL Configuration
11.6.2
Partial SSL Configuration
11.7
Integration with Hardware Security Modules
11.7.1
Protocol Converters
11.7.2
Mathematics Accelerators (PKCS #11 Integration)
12
Managing Wallets and Certificates
12.1
Using Oracle Wallet Manager
12.1.1
Oracle Wallet Manager Overview
12.1.1.1
Wallet Password Management
12.1.1.2
Strong Wallet Encryption
12.1.1.3
Microsoft Windows Registry Wallet Storage
12.1.1.4
Backward Compatibility
12.1.1.5
Third-Party Wallet Support
12.1.1.6
LDAP Directory Support
12.1.2
Starting Oracle Wallet Manager
12.1.3
How To Create a Complete Wallet: Process Overview
12.1.4
Managing Wallets
12.1.4.1
Required Guidelines for Creating Wallet Passwords
12.1.4.2
Creating a New Wallet
12.1.4.3
Opening an Existing Wallet
12.1.4.4
Closing a Wallet
12.1.4.5
Exporting Oracle Wallets to Third-Party Environments
12.1.4.6
Exporting Oracle Wallets to Tools That Do Not Support PKCS #12
12.1.4.7
Uploading a Wallet to an LDAP Directory
12.1.4.8
Downloading a Wallet from an LDAP Directory
12.1.4.9
Saving Changes
12.1.4.10
Saving the Open Wallet to a New Location
12.1.4.11
Saving in System Default
12.1.4.12
Deleting the Wallet
12.1.4.13
Changing the Password
12.1.4.14
Using Auto Login
12.1.5
Managing Certificates
12.1.5.1
Managing User Certificates
12.1.5.2
Managing Trusted Certificates
12.2
Performing Certificate Validation and CRL Management with the orapki Utility
12.2.1
orapki Overview
12.2.1.1
orapki Utility Syntax
12.2.2
Displaying orapki Help
12.2.3
Creating Signed Certificates for Testing Purposes
12.2.4
Managing Oracle Wallets with the orapki Utility
12.2.4.1
Creating and Viewing Oracle Wallets with orapki
12.2.4.2
Adding Certificates and Certificate Requests to Oracle Wallets with orapki
12.2.4.3
Exporting Certificates and Certificate Requests from Oracle Wallets with orapki
12.2.5
Managing Certificate Revocation Lists (CRLs) with orapki Utility
12.2.5.1
About Certificate Validation with Certificate Revocation Lists
12.2.5.2
Certificate Revocation List Management
12.2.6
orapki Utility Commands Summary
12.2.6.1
orapki cert create
12.2.6.2
orapki cert display
12.2.6.3
orapki crl delete
12.2.6.4
orapki crl display
12.2.6.5
orapki crl hash
12.2.6.6
orapki crl list
12.2.6.7
orapki crl upload
12.2.6.8
orapki wallet add
12.2.6.9
orapki wallet create
12.2.6.10
orapki wallet display
12.2.6.11
orapki wallet export
12.3
Interoperability with X.509 Certificates
12.3.1
Public-Key Cryptography Standards (PKCS) Support
12.3.2
Multiple Certificate Support
13
Enabling SSL in the Infrastructure
13.1
SSL Communication Paths in the Infrastructure
13.2
Recommended SSL Configurations
13.3
Common SSL Configuration Tasks
13.3.1
Configuring SSL for OracleAS Single Sign-On and Oracle Delegated Administration Services
13.3.2
Configuring SSL for Oracle Internet Directory
13.3.3
Configuring SSL for Oracle Internet Directory Replication Server and Oracle Directory Integration and Provisioning
13.3.4
Configuring SSL in the Identity Management Database
13.3.5
Additional SSL Configuration in the OC4J_SECURITY Instance
13.3.5.1
Configuring SSL from mod_oc4j to OC4J_SECURITY
13.3.5.2
Using Port Tunneling from mod_oc4j to the OC4J_SECURITY Instance
13.3.5.3
Configuring JDBC/SSL (ASO support)
13.3.6
SSL in Oracle Application Server Certificate Authority
13.3.7
Configuring SSL for Oracle Enterprise Manager 10
g
13.3.7.1
Configuring Security for the Grid Control
13.3.7.2
Configuring Security for the Application Server Control Console
14
Enabling SSL in the Middle Tier
14.1
SSL Communication Paths in the Middle Tier
14.2
Recommended SSL Configurations
14.3
Common SSL Configuration Tasks for the Middle Tier
14.3.1
Enabling SSL in OracleAS Web Cache
14.3.2
Enabling SSL in the Oracle HTTP Server
14.3.3
Enabling SSL in OC4J
14.3.3.1
Configuring SSL from Oracle HTTP Server to OC4J
14.3.3.2
Using Port Tunneling (iaspt) from Oracle HTTP Server to OC4J
14.3.3.3
Configuring ORMI/HTTP SSL
14.3.3.4
Configuring the Oracle Application Server Java Authentication and Authorization Service (JAAS) Provider for SSL with Oracle Internet Directory
14.3.3.5
Configuring Oracle HTTP Server for SSL
14.3.3.6
Configuring SSL in Standalone OC4J Installations
14.3.4
Enabling SSL in J2EE and Web Cache Installations
14.3.5
Enabling SSL in Virtual Hosts
14.3.6
Configuring SSL for Oracle Enterprise Manager 10
g
15
Troubleshooting SSL
15.1
Name-Based Virtual Hosting and SSL
15.2
Common ORA Errors Related to SSL
Part V Backup and Recovery
16
Introduction to Backup and Recovery
16.1
Philosophy of Oracle Application Server Backup and Recovery
16.2
Overview of the Backup Strategy
16.2.1
Types of Backups
16.2.2
Oracle Application Server Component Backup Input Files
16.2.3
Plug-in Backup Input File
16.2.4
Recommended Backup Strategy
16.3
Overview of Recovery Strategies
16.4
What Is the OracleAS Recovery Manager?
16.5
Assumptions and Restrictions
16.6
Roadmap for Getting Started with Backup and Recovery
17
Oracle Application Server Recovery Manager
17.1
How to Obtain OracleAS Recovery Manager
17.2
How to Configure OracleAS Recovery Manager Manually
17.3
Customizing OracleAS Recovery Manager for Your Configuration Files
17.3.1
How OracleAS Recovery Manager Works When Backing Up Configuration Files
17.3.2
How to Customize OracleAS Recovery Manager
17.4
OracleAS Recovery Manager Usage Summary
17.4.1
Prerequisites for Running OracleAS Recovery Manager
17.4.2
Syntax
17.4.3
Usage Examples
17.4.4
Purging Backups and Moving Them to Tertiary Storage
18
Backup Strategy and Procedures
18.1
Recommended Backup Strategy
18.2
Backup Procedures
18.2.1
Creating a Record of Your Oracle Application Server Configuration
18.2.2
Performing an Oracle Application Server Instance Backup from the Command Line
18.2.3
Performing a Complete Oracle Application Server Environment Backup
18.3
Recovering a Loss of Host Automatically
18.3.1
Preparing to Use Loss of Host Automation
18.3.2
Enabling Loss of Host Automation
18.3.3
Restoring a Node on a New Host
18.3.4
Recovering an Instance on the Same Host
19
Recovery Strategies and Procedures
19.1
Recovery Strategies
19.1.1
Recovery Strategies for Data Loss, Host Failure, or Media Failure (Critical)
19.1.2
Recovery Strategies for Process Failures and System Outages (Non-Critical)
19.2
Recovery Procedures
19.2.1
Restoring a Middle-Tier Installation to the Same Host
19.2.2
Restoring a Middle-Tier Installation to a New Host
19.2.3
Restoring Middle-Tier Configuration Files
19.2.4
Restoring an Oracle Application Server Instance
20
Troubleshooting OracleAS Recovery Manager
20.1
Problems and Solutions
20.1.1
Receiving Missing Files Messages During restore_config Operation
20.1.2
Failure Due to Loss or Corruption of opmn.xml File
20.1.3
Timeout Occurs While Trying to Stop Processes Using the opmnctl stopall Command
Part VI Appendixes and Glossary
A
Managing and Configuring Application Server Control
A.1
Starting and Stopping Application Server Control
A.1.1
Verifying That the Application Server Control Is Running
A.2
Changing the Application Server Control Administrator Password
A.2.1
Changing Your Own Administrator Account
A.2.2
Changing the oc4jadmin Password for the Administration OC4J Instance
A.2.3
Changing the oc4jadmin Password for a Remote OC4J Instance
A.3
Configuring Security for the Application Server Control Console
A.3.1
Securing Communication Between Browser Clients and Web Servers That Host Application Server Control Console
A.3.2
Securing Communication Between Components of Oracle Application Server
A.3.2.1
Securing Communication Between the Administration OC4J and Remote OC4J Instances
A.3.2.2
Securing OPMN Communication in an Oracle Application Server Cluster
A.4
Configuring Logging for Application Server Control
A.4.1
Enabling and Configuring ODL for the Application Server Control Log File
A.4.1.1
Configuring the Application Server Control Logging Properties to Enable ODL
A.4.1.2
About the Application Server Control ODL Logging Properties
A.4.2
Configuring Logging Properties When ODL Is Not Enabled
A.5
Enabling Enterprise Manager Accessibility Mode
A.5.1
Making HTML Pages More Accessible
A.5.2
Providing Textual Descriptions of Enterprise Manager Charts
A.5.3
Modifying the uix-config.xml File to Enable Accessibility Mode
A.6
Publishing Application Server Control Console to a Separate Web Site
B
Oracle Application Server Command-Line Tools
C
URLs for Components
D
Oracle Application Server Port Numbers
D.1
Port Numbers and How They Are Assigned
D.1.1
OC4J, OPMN, and Oracle HTTP Server Ports
D.1.2
Port Numbers for Other Components
D.2
Port Numbers (Sorted by Port Number)
D.3
Ports to Open in Firewalls
E
Examples of Administrative Changes
E.1
How to Use This Appendix
E.2
Examples of Administrative Changes (by Component)
F
Supplementary Procedures for Configuring LDAP-Based Replicas
F.1
About LDAP-Based Replicas
F.1.1
What Is an LDAP-Based Replica?
F.1.2
How Is the LDAP-Based Replica Used for Changing Infrastructure Services?
F.2
Installing and Setting Up an LDAP-Based Replica
F.2.1
Things to Know Before You Start
F.2.2
Procedure
G
Viewing Oracle Application Server Release Numbers
G.1
Release Number Format
G.2
Viewing Oracle Application Server Installation Release Numbers
G.3
Viewing Component Release Numbers
G.4
Using the OPatch Utility
G.4.1
Requirements
G.4.2
Running the OPatch Utility
G.4.2.1
apply Option
G.4.2.2
lsinventory Option
G.4.2.3
query Option
G.4.2.4
rollback Option
G.4.2.5
version Option
H
Troubleshooting Oracle Application Server
H.1
Diagnosing Oracle Application Server Problems
H.2
Common Problems and Solutions
H.2.1
Application Performance Impacted by Garbage Collection Pauses
H.2.2
Application Server Returns Connection Refused Errors
H.2.3
Oracle HTTP Server Unable to Start Due to Port Conflict
H.2.4
Machine Overloaded by Number of HTTPD Processes
H.2.5
Oracle Application Server Process Does Not Start
H.2.6
OPMN Start Up Consumes CPU Processing Capability
H.2.7
Browser Displaying a Page Not Displayed Error
H.2.8
Standby Site Not Synchronized
H.2.9
Failure to Bring Up Standby Instances After Failover or Switchover
H.2.10
Previously Working Application Using ADF Business Components Starts Throwing JDBC Errors
H.3
Troubleshooting Application Server Control
H.3.1
Resetting the Administrator (oc4jadmin) Password
H.3.2
Deployment Performance in Internet Explorer 6.0 and Netscape Navigator 7.0
H.3.3
Troubleshooting OC4J Out-of-Memory Errors
H.3.4
"403 Forbidden - Directory browsing not allowed" Error When Testing a Web Module or Web Service
H.3.5
Administrator Credentials Error When Attempting to Access the OC4J Home Page in a Cluster Topology
H.4
Need More Help?
Glossary
Index