Oracle® Adaptive Access Manager Installation and Configuration Guide Release 10g (10.1.4.5) Part Number E12050-03 |
|
|
View PDF |
This chapter describes common troubleshooting issues and tips to resolve them. The following topics are covered:
Background Images Are Not Displayed in Adaptive Strong Authenticator
Adaptive Risk Manager Online Is Accessible But Queries Return Database Errors
Adaptive Risk Manager Online Application Throws Timeout Errors
Rule Conditions Import Causes weblogic.jdbc.wrapper.Clob_oracle_sql_CLOB Exception
Unable To Reset All User Information From Adaptive Risk Manager Online Customer Care
The Adaptive Risk Manager Online Sample Webapp Deployed To Latest WebSphere 6.1 Throws An Error
Adaptive Risk Manager Offline Application Server Fails with OutOfMemory Error During Data Load
Oracle Adaptive Access Manager is slow to respond; and diagnostics, logs, and errors--such as "hogging thread counts and a large number of SQL*net and RX errors--indicate a network issue.
If you are experiencing a network performance issue, monitor your network interface using a network utility like Ethtool (for Linux) to help you analyze your network bottleneck.
Problem: When initialization parameters were altered with the alter system set <PARA>=<VALUE> scope=spfile
command as per the instructions in the "Oracle Initialization Parameters" section, the values did not appear to change.
Solution: Restart the database.
Problem: The tables were not created after running the db_setup.sql script. An error message appears, stating that the table or view does not exist.
Solution: The user created did not have the right file permissions; therefore, the tablespace could not be created. Ensure that the user has the right file permissions.
Ensure that the JAVA_HOME environment variable is set to point to the Java installation directory. For example /usr/java.Also check that the CLASSPATH or PATH environment variable is defined and has the Java core libraries listed (among other items). For example, CLASSPATH=/usr/java/lib/.
Check the background images path configured in bharosa_client.properties.
Note that asynchronous appenders are not recommended in the log4j configuration.
Make sure directories referenced in all appender sections are physically present and accessible to the application server. In the example configurations below, make sure "/logs/" & "/home/abc/toplink/" directory mentioned below is present and accessible.
Example:
<appender name="BHAROSA_FILE" class="org.apache.log4j.DailyRollingFileAppender"> <param name="File" value="/logs/bharosauio_bharosa_log.txt"/> <param name="DatePattern" value="'.'yyyy-MM-dd-HH"/> <layout class="org.apache.log4j.PatternLayout"> <param name="ConversionPattern" value="%d %-5p [app=bharosauio] [%t] %c - %m\n"/> </layout> </appender> <appender name="TOPLINK_FILE" class="org.apache.log4j.DailyRollingFileAppender"> <param name="File" value="/home/abc/toplink/bharosauio_toplink_log.txt"/> <param name="DatePattern" value="'.'yyyy-MM-dd-HH"/> <layout class="org.apache.log4j.PatternLayout"> <param name="ConversionPattern" value="%d %-5p [app=bharosauio] [%t] %c - %m\n"/> </layout> </appender>
Check if the remote calls do have DNS lookup or network connectivity. Check the DNS lookup capabilities. Using IP, instead of name may be faster.
Make sure soap time out is not set to too low. Parameter "vcrypt.soap.call.timeout" affects the timeout and default is set to 3000 (3 secs)
Check the port on which the application server is active and serving the Adaptive Risk Manager Online application.
Make sure DNS entry is correct and/or IP Address is accessible.
Rule execution logs are written asynchronously and may not be available immediately. Check back later to see if they are available.
Check that the user id has access and is a member of the predefined roles. The roles are defined in the application server for Adaptive Risk Manager.
Ensure correct database access credentials are used in the sessions.xml. If data source is used, make sure data source is configured correctly.
Check that the TCP/IP port specified on the database server for database access is correct and the database server is listening on the port.
Check the timeout settings for the application server container.
Check that the user ID is a member of the predefined roles, which were defined in the application server for Adaptive Risk Manager.
Problem: Adaptive Risk Manager is deployed in WebLogic server. Import fails with the following error:
weblogic.jdbc.wrapper.Clob_weblogic_jdbc_base_BaseClob cannot be cast to oracle.sql.CLOB
Solution: There is a known issue with WebLogic JNDI for handling CLOB. The current recommended workaround is to change the platform class in sessions.xml file to the one provided in the Adaptive Risk Manager distribution. Please refer to Section 13.3.1, "Oracle" in Chapter 13, "Configuring Database Connectivity."
Problem: While importing the rule conditions using Oracle XE configured through JNDI, a weblogic.jdbc.wrapper.Clob_oracle_sql_CLOB exception occurs. The trace references Oracle8Platform.writeLOB.
Solution: Change the platform class in sessions.xml file to com.bharosa.common.db.wldbutil.Oracle10PlatformLOBUtil and restart WebLogic.
Check that the user id accessing Adaptive Risk Manager Online customer care is a member of the predefined roles, which were defined in the application server for Adaptive Risk Manager. Refer to Appendix A, "Adaptive Risk Manager User Groups" for more information about roles.
The following error message appears:
The EAR file might be corrupt or incomplete. org.eclipse.jst.j2ee.commonarchivecore.internal.exception.DeploymentDescriptorLoadException: WEB-INF/web.xml
Solution 1
The error is due to J2EE spec. backward compatibility from IBM WebSphere as noted here - http://www-1.ibm.com/support/docview.wss?uid=swg24009603
The following lines from web.xml needs to be changed:
Old snippet:
<?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtds/web-app_2_3.dtd">
New snippet:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
Solution 2
The error is caused by: org.eclipse.jst.j2ee.commonarchivecore.internal.exception.DeploymentDescriptorLoadException: META-INF/application.xml
Make sure the Web Archive (war) is correctly deployed as an EAR file. It's recommended to deploy using the WAS Admin Console.
Error Message: com.sun.crypto.provider.SunJCE
Error Code: 500
Target Servlet: action
Error Stack:
java.lang.NoClassDefFoundError: com.sun.crypto.provider.SunJCE at java.lang.J9VMInternals.verifyImpl(Native Method)
Make sure the CLASSPATH has jce.jar included. You may need to change the JAVA_HOME to point to non-default Java (default is from IBM which doesn't contain JCE jars). Set bharosa.security.provider.use.default=true
in bharosa_server.properties
.
References:
ftp://ftp.software.ibm.com/software/webserver/appserv/library/v61/wasv610base_i_devdep.pdf
http://www-306.ibm.com/software/webservers/appserv/was/library/
The Adaptive Risk Manager Offline application server fails with an OutOfMemory error during data load; the environment uses a SQL Server database.
To load login data from a SQL Server database, the JDBC connection string should be updated to include "selectMethod=cursor".
On the Admin menu, point to DB Configurations and then click List Configurations.
In the Properties tab of your DB Configuration, update "Remote RA DB JDBC URL" to include "selectMethod=cursor", as shown in the example below:
jdbc:sqlserver://localhost:1433;databaseName=oaam_offline;selectMethod=cursor
If you are getting errors while trying to connect to your Oracle database, check the tns listener status.
If the tns listener is not running, start it by issuing the command:
lsnrctl start
If the operating system becomes unresponsive while Oracle Adaptive AccessManager is running under heavy load, please try increasing the "pending signals" value.
The thumb rule is pending signals should be equal to max user processes. By default pending signals is 1024.
::ulimit -a:: pending signals (-i) 73728 max user processes (-u) 73728
The above can be changed by modifying /etc/security/limits.conf with the following entries:
::/etc/security/limits.conf:: aime1 soft sigpending 73728 aime1 hard sigpending 73728
Note:
Oracle Adaptive Access Manager need not be restarted for this change to be effective.
This change is applicable to OEL and RHEL.