Oracle® Access Manager Configuration Manager Installation and Administration Guide 10g (10.1.4.2.0) Part Number E10358-01 |
|
|
View PDF |
The information here is provided to help you when troubleshooting issues that arise during installation and setup of Oracle Access Manager Configuration Manager and data migration. Secrtions in this chapter include:
As mentioned in Chapter 2, Oracle Access Manager Configuration Manager uses Oracle Diagnostic Logging for Java (ODL) to produce log files.
The generated log file helps administrators verify Configuration Manager activities such as adding a new environment, creating snapshots, migrating data, and so on. Log entries include details about Oracle Access Manager Configuration Manager, the repository, and environments (directory servers). For example, if you attempt to add new environment (LDAP directory) details in Configuration Manager when the repository is offline, a log entry is created stating that the database is not running.
Log File Naming: The current ODL log file naming standard is followe, which means that each new log file that is generated is named log.xml. The generated log file is stored as:
$OC4J_Home/j2ee/home/log/OAMCMLogs/log.xml
You configure logs for Oracle Access Manager Configuration Manager by including specific logger and log handler details in the in the following file:
OC4J_Home/j2ee/home/config/j2ee-logging.xml
The following sample j2ee-logging.xml file does not include any details for Oracle Access Manager Configuration Manager:
<?xml version="1.0" encoding="iso-8859-1?> <!-- Logging configuration file for OC4J. The guidelines are based on the java.util.logging package and the DTD for this XML file can be found in the javadoc for oracle.core.ojdl.logging.LoggingConfiguration on http://dms.us.oracle.com/javadoc/ --> <logging_configuration> <log_handlers> <log_handler name="console-handler" class="java.util.logging.ConsoleHandler" formatter="oracle.core.ojdl.logging.SimpleFormatter"/> <log_handler name="oc4j-handler" class="oracle.core.ojdl.logging.ODLHandlerFactory"> <property name="path" value="../log/oc4j"/> <property name="maxFileSize" value="10485760"/> <property name="maxLogSize" value="104857600"/> <property name="encoding" value="UTF-8"/> </log_handler> </log_handlers> <loggers> <!-- Default Logger, useParentHandlers should be set to false because the root Logger (named the empty string "") will log to console --> <logger name="oracle" level="NOTIFICATION:1" useParentHandlers="false"> <handler name="oc4j-handler"/> <handler name="console-handler"/> </logger> </loggers> </logging_configuration>
The following sample j2ee-logging.xml file includes the encoding, logger, and log handler entries (in bold, based on ODL specifications) that are required to enable logging for Oracle Access Manager Configuration Manager. For the steps to edit this file, see "Configuring Logging for Oracle Access Manager Configuration Manager".
<?xml version="1.0" encoding="UTF-8"?> <!-- Logging configuration file for OC4J. The guidelines are based on the java.util.logging package and the DTD for this XML file can be found in the javadoc for oracle.core.ojdl.logging.LoggingConfiguration on http://dms.us.oracle.com/javadoc/ --> <logging_configuration> <log_handlers> <log_handler name="console-handler" class="java.util.logging.ConsoleHandler" formatter="oracle.core.ojdl.logging.SimpleFormatter"/> <log_handler name="oc4j-handler" class="oracle.core.ojdl.logging.ODLHandlerFactory"> <property name="path" value="../log/oc4j"/> <property name="maxFileSize" value="10485760"/> <property name="maxLogSize" value="104857600"/> <property name="encoding" value="UTF-8"/> </log_handler> <!-HM Application specific log Handler --> <log_handlername="HMLog-Handler" class="oracle.core.ojdl.logging.ODLHandlerFactory"> <property name="path" value="../log/OAMCMLogs"/> <property name="maxFileSize" value="10485760"/> <property name="maxLogSize" value="104857600"/> <property name="encoding" value="UTF-8"/> </log_handler> </log_handlers> <loggers> <!-- Default Logger, useParentHandlers should be set to false because the root Logger (named the empty string "") will log to console --> <logger name="oracle" level="NOTIFICATION:1" useParentHandlers="false"> <handler name="oc4j-handler"/> <handler name="console-handler"/> </logger> <!-- HM Application logger --> <logger name="com.oracle.hm.log.HMLogger" level="ALL" useParentHandlers="false"> <handler name="HMLog-Handler"/> </logger> </loggers> </logging_configuration>
The generated log file includes the operation name, the individual who performed the operation, a time stamp, the status of the operation, and any errors as discussed later. J2SE includes two standard formatters:
SimpleFormatter: Writes brief human-readable summaries of log records.
XMLFormatter: Writes detailed XML-structured information.
You can either view the generated log file as an XML file or apply a stylesheet of your own design to view the files. Oracle Access Manager Configuration Manager does not provide stylesheets for this purpose.
Normal event information is provided to administrators. Low-level traces and debug information can be provided to advanced administrators. For details about specific events and who can view these, see Table B-4.
The log file looks something like the following example:
<MESSAGE> <HEADER> <TSTZ_ORIGINATING>2006-07-20T18:57:17.968+05:30</TSTZ_ORIGINATING> <COMPONENT_ID>oracle</COMPONENT_ID> <MSG_TYPE"NOTIFICATION"></MSG_TYPE> <MSG_LEVEL>1</MSG_LEVEL> <HOST_ID>ps0065</HOST_ID> <HOST_NWADDR>10.77.199.149</HOST_NWADDR> <MODULE_ID>hm.log.HMLogger</MODULE_ID> <THREAD_ID>10</THREAD_ID> <USER_ID>sharadchandra_chaval</USER_ID> </HEADER> <CORRELATION_DATA> <EXEC_CONTEXT_ID><UNIQUE_ID>10.77.199.149:25178:1153402038031:0</UNIQUE_ ID><SEQ>0</SEQ></EXEC_CONTEXT_ID> </CORRELATION_DATA> <PAYLOAD> <MSG_TEXT>Entering Into Method - com.oracle.hm.hmobjectshandler. HMObjectsHandler.getInstance </MSG_TEXT> </PAYLOAD> </MESSAGE> .... <MESSAGE> <HEADER> <TSTZ_ORIGINATING>2006-07-20T18:57:18.062+05:30</TSTZ_ORIGINATING> <COMPONENT_ID>oracle</COMPONENT_ID> <MSG_TYPE TYPE="NOTIFICATION"></MSG_TYPE> <MSG_LEVEL>1</MSG_LEVEL> <HOST_ID>ps0065</HOST_ID> <HOST_NWADDR>10.77.199.149</HOST_NWADDR> <MODULE_ID>hm.log.HMLogger</MODULE_ID> <THREAD_ID>10</THREAD_ID> <USER_ID>gail_tiberi</USER_ID> </HEADER>
Each log message contains a number of required attributes, and can contain additional optional attributes.
Required Attributes: All diagnostics log messages must have the following attributes:
Time stamp
Component ID
Message type
Message ID (for each message of the type Notification and greater)
Execution Context ID
Message level
Message text
Module ID (use the component ID if the component is a single module component)
Optional Attributes: Diagnostics log messages can have the following attributes:
Organization ID
Instance ID
User ID
Message Arguments
Process ID
Thread ID
Host ID
Host Network Address
Supplemental Detail
Note:
The Logging Service will be able to provide the Instance ID, Process ID, Host ID, and Host Network Address. Avoid using implicit attributes.Component-Specific Attributes: Components might have additional component-specific attributes that are added using the supplemental attributes fields. The definition and contents of these attributes are specific to each component. For supplemental, Oracle Enterprise Manager requires user-friendly names (WIP, for example).
Implicit Attributes: The value of some attributes might be implicit from the context, even if it does not appear explicitly in the log message. For example, if a component has a private log that only contains log messages for that component (for example, a log for OC4J that has messages only for that OC4J instance), then all log messages are assumed to have the component ID attribute set to the component that owns the log. Avoid using implicit attributes.
Table B-1 provides more information about ODL log message text format fields.
Table B-1 ODL Log Message Text Format Fields
Field Name | Short Name | Required (Y/N) | Comments |
---|---|---|---|
TIMESTAMP, ORIGINATING |
N/A |
Y |
Use [] if no value |
TIMESTAMP, NORMALIZED |
N/A |
N |
Use [] if no value |
COMPONENT ID |
N/A |
Y |
Use [] if no value |
MESSAGE ID |
N/A |
Y |
Use [] if no value |
MESSAGE TYPE |
N/A |
Y |
Use [] if no value |
MESSAGE LEVEL |
N/A |
Y |
Use [] if no value |
MODULE ID |
N/A |
Y |
|
MESSAGE TEXT |
N/A |
Y |
|
EXECUTION_CONTEXT_ID |
ecid |
Y |
|
ORGANIZATION_ID |
org |
N |
|
HOSTING_CLIENT_ID |
hostingClientid |
N |
|
MESSAGE_GROUP |
group |
N |
|
HOST_ID |
host |
N |
|
HOST_NWADDR |
nwaddr |
N |
|
PROCESS_ID |
N |
||
THREAD_ID |
tid |
N |
|
USER_ID |
userid |
N |
|
UPSTREAM_COMPONENT_ID |
upstreamComp |
N |
|
DOWNSTREAM_COMPONENT_ID |
downstreamComp |
N |
|
ERROR_INSTANCE_ID |
errid |
N |
|
DETAIL_LOCATION |
detailLoc |
N |
Table B-2 outlines the diagnostic message attributes in more detail.
Table B-2 Log File Diagnostic Message Attributes
Attribute Name | Description | Example |
---|---|---|
Timestamp, originating |
Date and time when the message was generated. The timestamp should have as much precision as possible. At a minimum is should it should have at least up to the second, but using milliseconds is recommended. |
2003-12-20T12:30:45.123-08:00 |
Timestamp, normalized |
Date and time when the message was generated, adjusted for time difference between the host where the message was generated and the host of the common repository. This field is only set when the log message is written to a central repository, and should not be set by components. |
2003-12-20T12:30:45.123-08:00 |
Organization ID |
The organization that wrote the component that originated the message. All Oracle components should use ' |
oracle |
Component ID |
The component that originated the message. |
OHS |
Instance ID |
The instance to which the component that originates the messages belongs. This field will usually be set only when messages are written to a central repository. |
OraHome1.mjgoncal-sun.us.oracle.com |
Message ID |
A short identifier that uniquely identifies the message. The Message ID should be in the format |
MAS-12345 |
Message Type |
The type of the message. The five defined message types are: INTERNAL_ERROR, ERROR, WARNING, NOTIFICATION, and TRACE. In addition, the value UNKNOWN can be used when the type is not known. |
NOTIFICATION |
Message Level |
The level qualifies the message type, indicating the degree of severity of the message. The value is an integer from 1 (highest severity) to 32 (lowest severity). |
1 |
Host ID |
The host name where the message originates. For Java, this should be the value returned by java.net.InetAddress.getLocalHost().getHostName(). |
mjgoncal-sun.us.oracle.com |
Host NW Addr |
The network address of the host where the message originates. For Java, this should be the value returned by java.net.InetAddress.getLocalHost().getHostAddress(). |
138.1.42.113 |
Module ID |
An identifier of the module that originated the message. The value is component specific |
main |
Process ID |
An identifier of the process or execution unit that generated the message. The value should be the operating system PID, or some other value that can be used to identify the process. |
1234 |
Thread ID |
An identifier of the thread that generated the messages |
main |
User ID |
The user whose execution context originated the message |
scott |
Supplemental Attributes |
A list of supplemental, application specific, message attributes. Each supplemental attribute must have a name and value |
name=URL, value=/dmsoc4j/Spy |
Execution Context ID |
A global unique identifier and a sequence number of the thread of execution that the originating component participates in. The identifier can be used to correlate messages from several components that can be involved in the same thread of execution. |
1234567890,1 |
Message Text |
A descriptive text for the message. This should be a short description of the event, with at most 1000 characters. |
|
Supplemental Detail |
Supplemental information about the event. This can contain more detailed information than the message text. A Java stack trace, for example, should be in the supplemental detail, not in the message text. |
java.lang.NullPointerException at Test.main(Test.java:20) |
In java.util.logging
, levels are represented by objects of class java.util.logging.Level
. There is a small number of predefined levels (SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST
). However, applications can create additional levels. Each level is uniquely identified by an integer value. Therefore, it is possible to create one new level object for each possible integer value.
Java levels are mapped to ODL message types and levels. In general, only the ODL message types and levels should be exposed in the component configuration. Mapping of ODL message type and level to java.util.logging.Level
will be provided by a subclass of the Level class. All possible Java levels (from Integer.MIN_VALUE
to Integer.MAX_VALUE
) have a mapping. Components are not restricted to using the predefined levels. The mapping for the predefined java levels as shown in Table B-3
Table B-3 Java Levels and Corresponding ODL MessageType:Level
Java Level | ODL MessageType:Level |
---|---|
SEVERE.intValue()+100 |
INTERNAL_ERROR:1 |
SEVERE |
ERROR:1 |
WARNING |
WARNING:1 |
INFO |
NOTIFICATION:1 |
CONFIG |
NOTIFICATION:16 |
FINE |
TRACE:1 |
FINER |
TRACE:1 |
FINEST |
TRACE:32 |
Java levels with an integer value that falls between two predefined levels are mapped to the next mapped MessageType (with the ODL level set to an appropriate value), depending on the difference between the level and the next predefined level. Java levels less than FINEST and greater than SEVERE.intValue() + 100 are mapped to UNKNOWN.
Messages of type INTERNAL_ERROR, ERROR, WARNING and NOTIFICATION have a message ID composed of a short component prefix (3 to 6 characters) and a 5-digit message number. For example, MAS-12345.
Table B-4 outlines the log file message types and levels in greater detail.
Table B-4 Log File Message Types
ODL Message Type/Level (Java Level) | Intended Audience | Description | Expected Volume |
---|---|---|---|
INTERNAL_ERROR:1 (SEVERE.intValue()+100) |
System Administrators, Application Developers, Oracle Support |
A serious problem that can be caused by a bug in the product and that should be reported to Oracle Support. The occurrence of an internal error triggers the generation of an incident by the Diagnosability Framework. |
Low. No performance impact. |
ERROR:1 (SEVERE) |
System Administrators Application Developers, Oracle Support |
A serious problem that requires immediate attention from the System Administrator. This is not caused by a bug in the product |
Low. No performance impact. |
WARNING:1 (WARNING) |
System Administrators Application Developers, Oracle Support |
A potential problem that should be reviewed by the System Administrator. |
Low. No performance impact. |
NOTIFICATION:1 (INFO) |
System Administrators Application Developers, Oracle Support |
A normal event that occurs in the System. No performance impact. This is the default Level at which the product is shipped. |
Low |
NOTIFICATION:16 (CONFIG) |
System Administrators Application Developers, Oracle Support |
A finer level of granularity for reporting normal events. Minimal performance impact. While this is not the default Level for the product, it should be possible to enable this level broadly in a production environment without having a significant performance impact in the product. |
Low to moderate. |
TRACE:1 (FINE) |
Advanced System Administrators, Advanced Application Developers, Oracle Support |
Trace or debug information for events that are meaningful to end users of the product, such as public API entry/exit points. The messages should be clear enough to be understood by someone who does not know internal implementation details. Small performance impact. This level can be enabled broadly occasionally on a production environment to debug issues with the product. Enabling logging at this level can have a small performance impact, but not to the point of making the product unusable. It should be possible to enable this level on a production system to write to a circular memory buffer (MemoryHandler) without a significant performance impact |
Moderate |
TRACE:16 (FINER) |
Oracle Support |
Detailed trace or debug information that can help Oracle Support diagnose problems with a particular subsystem. The messages should be clear enough to be understood by Oracle Support engineers who have a deep knowledge of the product but cannot know full details of the internal implementation. This level should not be enabled on a production environment, except on special situations to debug issues with the product. It is not expected that this level will be enabled broadly for the product, but only for a few specific sub-systems (loggers). |
High |
TRACE:32(FINEST) |
Oracle DDR |
Very detailed trace or debug information that usually is intended for an Oracle developer working on the product and who knows enough details about the implementation of the sub-system that generates the message. This level is not expected to be enabled in a production environment and it is intended to be used to debug the product on a test or development environment |
Very high |
Oracle Access Manager Configuration Manager audits certain events and stores all audit entries in the Oracle Database repository, in the OCMAUDIT table. You can query the OCMAUDIT table within the Oracle Database repository and use external applications to view these reports.
Oracle Access Manager Configuration Manager audits the event types for the functions outlined in Table B-5.
Table B-5 Audited Event Types and Functions
Read/ Access | Write/ Add/ Create | Update | Delete | Restore | |
---|---|---|---|---|---|
Environment Functions |
Y |
Y |
Y |
||
Association Functions |
Y |
Y |
Y |
||
Transformation_Rule Functions |
Y |
Y |
Y |
||
Snapshot Functions |
Y |
Y |
Y |
||
Transaction Functions |
Y |
Y |
Y |
||
Database Configuration Functions |
Y |
A report is generated by exporting the Oracle Access Manager Configuration Manager audit table from the Oracle Database repository to a Microsoft Excel spreadsheet. You can use Crystal Reports to view an audit report of your own configuration.
To create an audit report
Query the OCMAUDIT table in the Oracle Database repository.
Export the OCMAUDIT table into a spreadsheet application.
Use an external reporting tool (Crystal Reports) to view the report.
Table B-6 shows a sample audit report from Oracle Access Manager Configuration Manager.
Table B-6 Sample Audit Report
COMPONENT_NAME | EVENT_TYPE | EVENT_OWNER | EVENT_DATETIME | EVENT_STATUS | EVENT_DESCRIPTION |
---|---|---|---|---|---|
Snapshot |
Create |
User _A |
Fri Nov 03 13:50:07 GMT+05:30 2006 |
Successful |
Create Snapshot SnapshotName=TestSnaphot, EnvironmentName=10104DEV |
Snapshot |
Restore |
User _A |
Fri Nov 03 13:51:23 GMT+05:30 2006 |
Successful |
Create Snapshot SnapshotName=TestSnaphot, EnvironmentName=10104DEV |
Snapshot |
Restore |
User _A |
Fri Nov 03 13:51:36 GMT+05:30 2006 |
Successful |
Create Snapshot SnapshotName=TestSnaphot, EnvironmentName=10104DEV |
Database_Configuration |
Update |
Admin _A |
Fri Nov 03 13:53:16 GMT+05:30 2006 |
Successful |
Update Database_Configuration |
Environment |
Create |
User _B |
Fri Nov 03 14:07:40 GMT+05:30 2006 |
Successful |
Create: EnvironmentName=TestAudit |
Environment |
Create |
User _B |
Fri Nov 03 14:07:41 GMT+05:30 2006 |
Successful |
Add Environment Parameter : EnvironmentName=TestAudit, Parameter : password=TestAudit |
Environment |
Create |
User _B |
Fri Nov 03 14:07:41 GMT+05:30 2006 |
Successful |
Add Environment Parameter : EnvironmentName=TestAudit, Parameter : config-dn=TestAudit |
Environment |
Create |
User _B |
Fri Nov 03 14:07:41 GMT+05:30 2006 |
Successful |
Other entries not included in this table. |
Environment |
Create |
User _B |
Fri Nov 03 14:07:41 GMT+05:30 2006 |
Successful |
Add Environment Parameter : EnvironmentName=TestAudit, Parameter : port=1947 |
Environment |
Update |
User _B |
Fri Nov 03 14:10:38 GMT+05:30 2006 |
Successful |
Update : EnvironmentName=TestAudit, Parameters : Description=TestAuditChanging |
Environment |
Update |
User _B |
Fri Nov 03 14:10:40 GMT+05:30 2006 |
Successful |
Update Environment Parameter : EnvironmentName=TestAudit, Parameters : password=TestAudit |
Environment |
Update |
User _B |
Fri Nov 03 14:10:40 GMT+05:30 2006 |
Successful |
Update Environment Parameter : EnvironmentName=TestAudit, Parameters : config-dn=TestAudit |
Environment |
Update |
User _B |
Fri Nov 03 14:10:40 GMT+05:30 2006 |
Successful |
Update Environment Parameter : EnvironmentName=TestAudit, Parameters : hostName=TestAudit |
Environment |
Update |
User _B |
Fri Nov 03 14:10:40 GMT+05:30 2006 |
Successful |
Other entries not included in this table. |
Environment |
Delete |
User _B |
Fri Nov 03 14:11:23 GMT+05:30 2006 |
Successful |
Delete Environment Parameters : EnvironmentName=TestAudit |
Association |
Create |
User _A |
Fri Nov 03 14:13:39 GMT+05:30 2006 |
Successful |
Create : AssociationName=TestAuditAssociation |
Association |
Update |
User _A |
Fri Nov 03 14:13:39 GMT+05:30 2006 |
Successful |
Update : AssociationName=TestAuditAssociation |
Transformation_rule |
Delete |
User _A |
Fri Nov 03 14:14:49 GMT+05:30 2006 |
Successful |
Delete Transformation Rules For Association : AssociationName=TestAuditAssociation |
Association |
Delete |
User _A |
Fri Nov 03 14:13:39 GMT+05:30 2006 |
Successful |
Delete : AssociationName=TestAuditAssociation |
Transaction |
Create |
User _A |
Fri Nov 03 14:19:14 GMT+05:30 2006 |
Successful |
Started Transaction TransactionID=2114, AssociationName=1014Dev-QA |
Transaction |
Update |
User _A |
Fri Nov 03 14:19:14 GMT+05:30 2006 |
Successful |
Update Transaction Status : TransactionID=2114 |
Transaction |
Commit |
User _A |
Fri Nov 03 14:19:23 GMT+05:30 2006 |
Successful |
Commit Transaction : TransactionID=2114 |
Table B-7provides a list of messages that you might see as well as the cause of the message and actions that you can take the resolve the issue
Table B-7 Configuration Manager Message, Cause, and Resolution
Number | Message | Cause | Resolution |
---|---|---|---|
1 |
OAMCM application repository is not configured or not running |
|
Perform the following steps, as needed:
|
2 |
Environment Parameter Not Found - config-DN |
The configuration DN parameter for the LDAP directory environment was not found in the repository. If environment information was entered, it might be inaccurate or incomplete or the configuration DN might not start from the |
|
3 |
Environment Parameters Found NULL |
The environment parameters could not be found.
|
Perform the following steps, as needed:
|
4 |
Logical Object Is NULL |
Oracle Access Manager Configuration Manager failed to fetch the logical object from the LDAP directory environment. Perhaps the LDAP directory environment is down. |
Perform the following steps, as needed:
|
5 |
Error In Getting Database Processor. |
This Oracle Database processor-related exception occurs mainly when the Configuration Manager cannot connect to the repository. This might mean that:
|
Perform the following steps, as needed:
|
6 |
Failed To Get Environment Using Database Processor. |
This Oracle Database processor-related exception occurs mainly when the Configuration Manager cannot connect to the repository. This might mean that:
|
Perform the following steps, as needed:
|
7 |
Failed To Get Environment - HMEnvironmentCreationException Found. |
Either the repository is not accessible or the LDAP directory environment is not accessible. |
Perform the following steps, as needed:
|
8 |
Failed To Get Environment |
Either the repository is not accessible or the LDAP directory environment is not accessible. |
Perform the following steps, as needed:
|
9 |
Error While Getting Environment LogicalObject IDs |
Either the repository is not accessible or the LDAP directory environment is not accessible or the configuration DN is not accessible. |
Perform the following steps, as needed:
|
'0 |
SQLException Occurred While Adding Snapshot Entry Into Database |
Either the repository is not accessible or the LDAP directory environment is not accessible (the configuration DN is not accessible). |
Perform the following steps, as needed:
|
11 |
HMRepositortException Occurred While Getting Connection To Database |
|
Perform the following steps, as needed:
|
12 |
Snapshot Of Config Data Failed |
|
Perform the following steps, as needed:
|
13 |
Snapshot Of Policy Data Failed |
|
Perform the following steps, as needed:
|
14 |
Invalid username/password; logon denied. |
|
|
15 |
Directory Server Connection Failed. |
The LDAP directory environment might not be live and online or the environment specifications in the Configuration Manager might be incomplete or inaccurate. |
Perform the following steps, as needed:
|
16 |
Error Occurred While importing the ldif file into the directory |
The LDAP directory environment might not be live and online or the environment specifications in the Configuration Manager might be incomplete or inaccurate. |
Perform the following steps, as needed:
|
17 |
Database Connection Failed, Connection Object Found NULL |
|
Perform the following steps, as needed:
|
18 |
SQLException - While creating database connection. |
|
Perform the following steps, as needed:
|
19 |
SQLException - While connection Commit |
|
Perform the following steps, as needed:
|
20 |
SQLException -While Create Statement |
|
Perform the following steps, as needed:
|
21 |
SQL Exception Occurred, While setting Connection's AutoCommit Property To False |
|
Perform the following steps, as needed:
|
22 |
SQL Exception Occurred, While Checking for schema in the database |
|
Perform the following steps, as needed:
|
23 |
SQL Exception Occurred, While retrieving Environment From Database |
|
Perform the following steps, as needed:
|
24 |
SQL Exception Occurred, While retrieving Environment Parameters From Database |
|
Perform the following steps, as needed:
|
25 |
Entry Already Exist in the Database. |
The entry you are adding into the repository already exits. For example, the environment or association name exists in the repository. |
Enter an unique value. |
26 |
SQLException While Connection Rollback |
The repository is down or offline. |
Perform the following steps, as needed:
|
27 |
Connection failure. For details refer to log file. |
LDAP directory environment might not be running or details about this environment in the Configuration Manager might be incomplete or inaccurate. |
Perform the following steps, as needed:
|
28 |
Error while reading from LDAP Server. For details refer to log file. |
LDAP directory environment might not be running or details about this environment in the Configuration Manager might be incomplete or inaccurate. |
Perform the following steps, as needed:
|
29 |
LdapConnectionException Caught, while getting LDAPDeltaUpdater |
LDAP directory environment might not be running or details about this environment in the Configuration Manager might be incomplete or inaccurate. |
Perform the following steps, as needed:
|
30 |
NamingException Occurred While Performing Delete Operation On Directory |
LDAP directory environment might not be running or the node to be deleted might not exist. |
Perform the following steps, as needed:
|
31 |
Selected environment type differs from actual environment type. |
You might have selected the wrong environment type (the parameter that designates the Oracle Access Manager or COREid release). |
On the Add Environment or Modify Environment page, select the correct Environment Type for this LDAP directory (OAM1014, for example). |
Topics in this section provide tips to help if you encounter problems during OC4J installation and setup, including:
Configuring OC4J to Recognize Oracle Access Manager Configuration Manager
Using the Oracle Enterprise Manager 10g Application Server Control Console
For more information, see troubleshooting tips in the Oracle Containers for J2EE Configuration and Administration Guide 10g Release (10.1.3).
Problem: Changing the Password for the OC4J administrator
During installation you are asked to provide a password for the oc4jadmin
account. If you do not assign a password for this account when OC4J is installed, you are prompted to set it the first time you start OC4J.
Solution:
For information about changing the password after installation, see the chapter on Tools for Administering OC4J in the Oracle Containers for J2EE Configuration and Administration Guide 10g Release (10.1.3).
Problem: Configuring OC4J to recognize Oracle Access Manager Configuration Manager
How do I configure OC4J to recognize the Configuration Manager application?
Solution:
You must deploy Oracle Access Manager Configuration Manager using Oc4J, as described in "Deploying the Configuration Manager". For instructions on creating additional Web sites in OC4J, see the chapter on Managing Web Sites in OC4J in Oracle Containers for J2EE Configuration and Administration Guide 10g Release (10.1.3).
Problem: Confirming the OC4J host is ready for OC4J installation
How can I confirm that the intended host computer is setup appropriately before I install a standalone OC4J server?
Solution:
Before installing a standalone OC4J server, ensure the prerequisites described in "Installing and Configuring OC4J" are met. For more information, see Chapter 2 of the Oracle Containers for J2EE Configuration and Administration Guide 10g Release (10.1.3).
Problem: Defining administrator privileges in OC4J
How do I define administrator privileges for OC4J?
Solution:
During OC4J standalone installation, you are asked to provide a password for the oc4jadmin
account. This account is assigned the oc4j-administrators
role that is used to manage users and roles and to connect to the JMX MBean server. If you do not assign a password for this account when OC4J is installed, you are prompted to set it the first time you start OC4J.
For an overview and steps, "Installing and Configuring OC4J". For more information about defining administrator privileges in OC4J, see the Oracle Containers for J2EE Configuration and Administration Guide 10g Release (10.1.3).
Problem: Installing OC4J in a standalone configuration
How do I install OC4J in a standalone configuration to operate with Oracle Access Manager Configuration Manager?
Solution:
The OC4J standalone configuration in installed in the same manner whether you will use it with Oracle Access Manager Configuration Manager or not. For an overview and steps, see "Installing and Configuring OC4J". For more information, see the chapter on Installing Standalone OC4J in Oracle Containers for J2EE Configuration and Administration Guide 10g Release (10.1.3).
Problem: OC4J Welcome page fails to appear
After installation, what do I do if the Welcome page does not appear?
Solution:
Confirm that you have entered the appropriate URL for the host, port, and console (http://hostname:port/em/console
, for example). For specific troubleshooting tips, see the Oracle Containers for J2EE Configuration and Administration Guide 10g Release (10.1.3).
Problem: Starting and Stopping OC4J
How do I start and stop OC4J?
Solution:
For information about starting and stopping OC4j, see the corresponding chapter in the Oracle Containers for J2EE Configuration and Administration Guide 10g Release (10.1.3).
Problem: Using the Oracle Enterprise Manager 10g Application Server Control Console
Solution:
The Oracle Enterprise Manager 10g Application Server Control Console is a Web-based administration application that is installed by default with OC4J and enabled immediately after installation. For more information on using this management interface, see the section on the Oracle Enterprise Manager 10g Application Server Control Console in Oracle Containers for J2EE Configuration and Administration Guide 10g Release (10.1.3).
This section includes information to assist if you encounter problems or errors installing or setting up the Oracle Database repository for Oracle Access Manager Configuration Manager. The following topics are included:
Problem: Installing on a specific platform
How can I ensure that I have properly set up the intended host before installation?
Solution:
Refer to the appropriate Oracle Database Server Installation Guide for your specific platform for installation and setup details.
Problem: Oracle Database administration and management issues
How can I properly perform administration and management of the Oracle Database?
Solution:
See the Oracle Database Concepts 10g Release 2 (10.2) for more information about Oracle Database administration and management.
Problem: Managing Oracle Database processes and files
How can I manage Oracle Database processes and files?
Solution:
Use the Oracle Database Administrator's Guide 10g Release 2 (10.2) for details about managing Oracle Database processes, tablespaces, datafiles, tempfiles, managing schema files, Oracle-managed files, and more.
Problem: Oracle Access Manager Configuration Manager reports "SQLException - While creating database connection."
If Oracle Access Manager Configuration Manager does not recognize the service name of the database when it tries to connect, an error is returned: "SQLException - While creating database connection."
Cause:
To connect to the Oracle Database repository, Oracle Access Manager Configuration Manager requires the Database Service Name. You must enter this information in the System Configuration details when adding the repository..
Solution:
You must enter the Database Service Name on the Edit System Configuration page when adding the repository.
If an operation cannot be completed successfully using the Configuration Manager, an error message usually appears to inform you of the problem. Following topics provide information to assist if you encounter problems or errors using Oracle Access Manager Configuration Manager. Topics include:
Cannot View the Content of an Environment (Directory) Snapshot
Configuration Manager Installation, Setup, and Repository Issues
Problem: SQLException - While creating database connection.
If Oracle Access Manager Configuration Manager does not recognize the service name of the database when it tries to connect, an error is returned: "SQLException - While creating database connection."
Cause:
To connect to the Oracle Database repository, Oracle Access Manager Configuration Manager requires the Database Service Name. Today, however, there is no place to enter this information using the graphical user interface.
Solution:
Edit the DB.Oracle.ServiceName parameter in the Oracle Access Manager Configuration Manager WEB-INF/config/db.properties file, as described in the following procedure.
Problem: Error occurs and message states "Unable to create snapshot"
Creating a new snapshot operation fails.
Solution:
Test the connection to the environment to ensure that it is live and online, as described in "Testing the Environment Connection". Test the repository connection to ensure that it is live and online, as described in "Ensuring the Repository is Available to the Configuration Manager".
Problem: Cannot view the content of an environment (directory) snapshot
During a view snapshot operation, only the snapshot name, description, data created, and individual who created the snapshot are listed.
Solution:
You can view the details about a snapshot; however, you cannot view the contents of a snapshot.
Problem: Configuration Manager Welcome page does not appear
The Welcome page does not appear after deploying Oracle Access Manager Configuration Manager.
Solution:
Confirm that you have completed all steps in "Deploying the Configuration Manager". For more information, see troubleshooting tips related to deploying an application in the Oracle Containers for J2EE Configuration and Administration Guide.
Problem: Cannot access the System Configuration tab or add repository details
System Configuration tab not available to add a repository, upload the Configuration Manager schema, or to test the connection between the Configuration Manager and its repository.
Solution:
Oracle Access Manager Configuration Manager System Configuration functions are available only to individuals who log in with HMAdmin
privileges. For more information, see "Assigning Configuration Manager Administrator and User Roles in OC4J".
Problem: Schema upload not successful
Not all the database objects were properly uploaded.
Solution:
Confirm that you have the appropriate system privileges to create a table, create a sequence, create a trigger, and create a procedure.
Problem: Repository connection test not successful
When the repository connection test is not successful an error message appears.
Solution:
Confirm that all repository details are accurately entered and edit them if needed. Confirm that the Oracle Database instance is running, then test the connection again as described in "Adding Repository Details in the Configuration Manager". If the connection test is still unsuccessful, contact the Oracle Database administrator.
This topic includes solutions to several issues that you can encounter when working with LDAP directory environments in Oracle Access Manager Configuration Manager. Any environment that is involved when making a directory snapshot, migrating data, or rolling back a transaction must be live and online.
Problem: Certificate Upload Not Successful
An error message appears when you add environment (directory) details and have an unsuccessful attempt to upload a certificate for SSL-enabled communication.
Solution:
Review the message, then click the Cancel button on the error window. Verify the location of the certificate files and the password, then perform the certificate steps again as described in "Adding Environment Details to the Configuration Manager".
Problem: Connection Failure
When I test the connection to an environment, the informational message states "Connection failure. For details refer to log file."
Solution:
Notify the directory administrator, and give the location of the log file as described in "Accessing and Using the Log File".
Problem: Environment details not available in Configuration Manager
The environment I want is not listed when I view environments or attempt to form an association.
Solution:
Ensure that the environment (directory) details have been added to the Configuration Manager, as described in "Adding Environment Details to the Configuration Manager".
Problem: Association details not available in Configuration Manager
The association I want is not listed when I view associations or attempt to add a transformation rule.
Solution:
Ensure that the association has been formed, as described in "Creating a Directory Association".
Association is not listed for selection during migration
The desired association does not appear in the Select Association list on the Migrate subtab, Select Logical Objects to Compare page.
Solution:
Confirm that the desired association is enabled, as described in "Enabling or Disabling a Directory Association".
Problem: Transformation rule does not operate as expected
After previewing the logical objects to be migrated, it appears that a transformation rule did produce the expected results.
Solution:
View (and modify, if needed) the rule to ensure that it specifies the appropriate logical object type and attribute, as well as the correct operator and parameter. for more information, see "Modifying a Transformation Rule".