4 Oracle Fusion Middleware Administration

This chapter describes issues associated with Oracle Fusion Middleware administration. It includes the following topics:

4.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

4.1.1 Fusion Middleware Control May Return Error in Mixed IPv6 and IPv4 Environment

If your environment contains both IPv6 and IPv4 network protocols, Fusion Middleware Control may return an error in certain circumstances.

If the browser that is accessing Fusion Middleware Control is on a host using the IPv4 protocol, and selects a control that accesses a host using the IPv6 protocol, Fusion Middleware Control will return an error. Similarly, if the browser that is accessing Fusion Middleware Control is on a host using the IPv6 protocol, and selects a control that accesses a host using the IPv4 protocol, Fusion Middleware Control will return an error.

For example, if you are using a browser that is on a host using the IPv4 protocol and you are using Fusion Middleware Control, Fusion Middleware Control returns an error when you navigate to an entity that is running on a host using the IPv6 protocol, such as in the following situations:

  • From the Oracle Internet Directory home page, you select Directory Services Manager from the Oracle Internet Directory menu. Oracle Directory Services Manager is running on a host using the IPv6 protocol.

  • From a Managed Server home page, you click the link for Oracle WebLogic Server Administration Console, which is running on IPv6.

  • You test Web Services endpoints, which are on a host using IPv6.

  • You click an application URL or Java application which is on a host using IPv6.

To work around this issue, you can add the following entry to the /etc/hosts file:

nnn.nn.nn.nn  myserver-ipv6 myserver-ipv6.example.com

In the example, nnn.nn.nn.nn is the IPv4 address of the Administration Server host, myserver.example.com.

4.1.2 Deploying JSF Applications

Some JSF applications may experience a memory leak due to incorrect Abstract Window Toolkit (AWT) application context classloader initialization in the Java class library. Setting the oracle.jrf.EnableAppContextInit system property to true will attempt eager initialization of the AWT application context classloader to prevent this leak from occurring. By default, this property is set to false.

4.1.3 Limitations in Cloning

  • If your Middleware home contains more than one JDK, such as JRockit and a Sun JDK, but is configured to use JRockit, and you cloned the Middleware home to another host with a location similar to the source Middleware home, any configuration would fail.

    To work around this issue, edit the following file to change the JAVA_HOME environment variable to the JRockit location:

    MW_HOME/common/bin/commEnv.sh
    
  • Cloning of Oracle Internet Directory does not work on Microsoft Windows. The pasteConfig.sh command fails with the following error:

    Caused by: java.io.IOException: Cannot run program
    "C:\MW_HOME\Instance_home\bin\opmnctl": CreateProcess error=2, The system
    cannot find the file specified
    
  • Note the following limitations in cloning Oracle Virtual Directory:

    • When you are cloning Oracle Virtual Directory, the Oracle instance name in the source environment cannot be the same as the Oracle instance name in the target environment. The Oracle instance name in the target must be different than the name in the source.

    • After you clone Oracle Virtual Directory from one host to another, you must add a self-signed certificate to the Oracle Virtual Directory keystore and EM Agent wallet on Host B. Take the following steps:

      1. Set the ORACLE_HOME and JAVA_HOME environment variables.

      2. Delete the existing self-signed certificate:

        $JAVA_HOME/bin/keytool -delete -alias serverselfsigned \
          -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks \
          -storepass OVD_Admin_password
        
      3. Generate a key pair:

        $JAVA_HOME/bin/keytool -genkeypair \
          -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks \
          -storepass OVD_Admin_password -keypass OVD_Admin_password -alias serverselfsigned \
          -keyalg rsa -dname "CN=Fully_qualified_hostname,O=test"
        
      4. Export the certificate:

        $JAVA_HOME/bin/keytool -exportcert \
          -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks \
          -storepass OVD_Admin_password -rfc -alias serverselfsigned \
          -file ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt
        
      5. Add the exported certificate to the EM Agent wallet as a trusted certificate:

        $ORACLE_HOME/../oracle_common/bin/orapki wallet add \
          -wallet ORACLE_INSTANCE/EMAGENT/EMAGENT/sysman/config/monwallet \
          -pwd EM_Agent_Wallet_password -trusted_cert \
          -cert ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt
        
      6. Stop and start the Oracle Virtual Directory server.

      7. Stop and start the EM Agent.

4.1.4 Message Returned with Incorrect Error Message Level

In Fusion Middleware Control, when you select a metadata repository, the following error messages are logged:

Partitions is NULL
Partitions size is 0 

These messages are logged at the Error level, which is incorrect. They should be logged at the debug level, to provide information.

4.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

4.2.1 Must Stop Oracle SOA Suite Managed Server Before Stopping soa-infra

Using Fusion Middleware Control, if you stop an Oracle SOA Suite Managed Server before you stop soa-infra, and then you start the Managed Server, the soa-infra application is not restarted automatically. If you try to restart soa-infra, you will receive an error. When you encounter the problem, you cannot close the dialog box in the browser, so you cannot take any further actions in Fusion Middleware Control.

To avoid this situation, you should stop the Managed Server, which stops all applications, including the soa-infra application. To start the Managed Server and the soa-infra, start the Managed Server.

To close the browser dialog box, enter the following URL in your browser:

http://host:port/em

4.2.2 Configuring Fusion Middleware Control for Windows Native Authentication

To use Windows Native Authentication (WNA) as the single sign-on mechanism between Fusion Middleware Control and Oracle WebLogic Server Administration Console, you must make changes to the following files:

  • web.xml

  • weblogic.xml

These files are located in the em.ear file. You must explode the em.ear file, edit the files, then rearchive the em.ear file. Take the following steps (which assume that while the front end is on Windows, the em.ear file is on UNIX):

  1. Set the JAVA_HOME environment variable. For example:

    setenv JAVA_HOME /scratch/Oracle/Middleware/jrockit_160_05_R27.6.2-20 
    
  2. Change to the directory containing the em.ear, and explode the file. For example:

    cd /scratch/Oracle/Middleware/user_projects/applications/domain_name
    $JAVA_HOME/bin/jar xvf em.ear em.war
    $JAVA_HOME/bin/jar xvf em.war WEB-INF/web.xml
    $JAVA_HOME/bin/jar xvf em.war WEB-INF/weblogic.xml
    
  3. Edit web.xml, commenting out the first login-config block and uncommenting the login-config block for WNA. (The file contains information about which block to comment and uncomment.) When you have done this, the portion of the file will appear as in the following example:

    <!--<login-config>
         <auth-method>CLIENT-CERT</auth-method>
       </login-config>
    -->  
     <!--
      the following block is for Windows Native Authentication, if you are using
     WNA, do the following:
        1. uncomment the following block
        2. comment out the previous <login-config> section.
        3. you also need to uncomment a block in weblogic.xml
     -->
       <login-config>
         <auth-method>CLIENT-CERT,FORM</auth-method>
         <form-login-config>
           <form-login-page>/faces/targetauth/emasLogin</form-login-page>
           <form-error-page>/login/LoginError.jsp</form-error-page>
         </form-login-config>
       </login-config>
       <security-constraint>
     .
     .
     .
       <security-role>
         <role-name>Monitor</role-name>
       </security-role>
     
    
  4. Edit weblogic.xml, uncommenting the following block. (The file contains information about which block to uncomment.) When you have done this, the portion of the file will appear as in the following example:

     <!--
     the following block is for Windows Native Authentication, if you are using
     WNA, uncomment the following block.
     -->
      <security-role-assignment>
         <role-name>Admin</role-name>
         <externally-defined/>
       </security-role-assignment>
     .
     .
     .
       <security-role-assignment>
         <role-name>Deployer</role-name>
         <externally-defined/>
       </security-role-assignment>
    
  5. Rearchive the em.ear file. For example:

    $JAVA_HOME/bin/jar uvf em.war WEB-INF/web.xml
    $JAVA_HOME/bin/jar uvf em.war WEB-INF/weblogic.xml
    $JAVA_HOME/bin/jar uvf em.ear em.war
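
The following check is an added example, not part of Oracle's documentation. It opens em.ear, reads both descriptors from the nested em.war, and confirms that exactly one login-config block is active with CLIENT-CERT,FORM and that the Admin and Deployer roles shown in the excerpt above are externally defined. The function names and the sample descriptors are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

def _all(node, name):
    # Match on local name so the check works with or without an xmlns.
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _text(nodes):
    return [(n.text or "").strip() for n in nodes]

def check_wna(ear_bytes, roles=("Admin", "Deployer")):
    """Return a list of problems; an empty list means the WNA edits are active.
    `roles` are the two role names visible in the page's weblogic.xml excerpt."""
    with zipfile.ZipFile(io.BytesIO(ear_bytes)) as ear:
        war = zipfile.ZipFile(io.BytesIO(ear.read("em.war")))
    web = ET.fromstring(war.read("WEB-INF/web.xml"))
    wls = ET.fromstring(war.read("WEB-INF/weblogic.xml"))
    problems = []
    # Commented-out blocks are invisible to the parser: only active ones count.
    logins = _all(web, "login-config")
    if len(logins) != 1:
        problems.append("active login-config blocks: %d (want 1)" % len(logins))
    methods = _text(m for lc in logins for m in _all(lc, "auth-method"))
    if methods != ["CLIENT-CERT,FORM"]:
        problems.append("auth-method %r (want CLIENT-CERT,FORM)" % methods)
    external = set()
    for a in _all(wls, "security-role-assignment"):
        if _all(a, "externally-defined"):
            external.update(_text(_all(a, "role-name")))
    for role in roles:
        if role not in external:
            problems.append("role %s is not externally defined" % role)
    return problems

def build_ear(web_xml, weblogic_xml):
    """Constructed sample input: em.ear holding em.war with both descriptors."""
    war, ear = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(war, "w") as z:
        z.writestr("WEB-INF/web.xml", web_xml)
        z.writestr("WEB-INF/weblogic.xml", weblogic_xml)
    with zipfile.ZipFile(ear, "w") as z:
        z.writestr("em.war", war.getvalue())
    return ear.getvalue()

OLD = "<login-config><auth-method>CLIENT-CERT</auth-method></login-config>"
WNA = "<login-config><auth-method>CLIENT-CERT,FORM</auth-method></login-config>"
ROLE = "<security-role-assignment><role-name>%s</role-name><externally-defined/></security-role-assignment>"
WLS = "<weblogic-web-app>" + ROLE % "Admin" + ROLE % "Deployer" + "</weblogic-web-app>"
```

Pass check_wna the bytes of the rearchived em.ear before redeploying; a non-empty list means a block was left commented or both login-config blocks are active.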
    

4.2.3 Fusion Middleware Control Does Not Keep Column Preferences in Log Viewer Pages

In Fusion Middleware Control, you can reorder the columns in the pages that display log files and log file messages. However, if you navigate away from the page and then back to it, the columns are set to their original order.

4.2.4 Topology Viewer Does Not Display Applications Deployed to a Cluster

In Fusion Middleware Control, the Topology Viewer does not display applications that are deployed to a cluster.

4.2.5 Changing Log File Format

When you change the log file format, note the following:

  • When you change the log file format from text to xml, specify the path, but omit the file name. The new file will be named log.xml.

  • When you change the log file format from xml to text, specify both the path and the file name.

4.3 Documentation Errata

This section describes documentation errata for Oracle Fusion Middleware administration. It contains the following topics:

4.3.1 Corrected Procedures for Moving Oracle Access Manager 11g to a Production Environment

The Oracle Fusion Middleware Administrator's Guide contains incorrect procedures for moving Oracle Access Manager to a production environment. The following topics contain the correct procedures:

4.3.1.1 Moving Oracle Access Manager 11g to a New Production Environment

Note:

The Administration Servers in both the test environment and the production environment must be started.

To replicate the policy configuration information from the test system into the production system:

  1. Install and configure Oracle WebLogic Server, creating a Middleware home, as described in Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

  2. Install and configure Oracle Access Manager, specifying the information for the production environment, as described in Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

  3. Set the environment variable JAVA_HOME and add JAVA_HOME to the PATH.

  4. Export the policies from the test system, using the following WLST command:

    exportPolicy(pathTempOAMPolicyFile='path_of_Temp_PolicyFile')
    
  5. Copy the policy file to the production environment.

  6. Import the policies into the production environment, using the following command:

    importPolicy(pathTempOAMPolicyFile='path_of_Temp_PolicyFile')
    

To replicate the configuration and the partner information from the test system to the production system, take the following steps:

  1. Follow steps 1 through 6 in the preceding procedure.

  2. Export the partner information from the test environment, using the following WLST command:

    exportPartners(pathTempOAMPartnerFile='path_of_Temp_PartnerFile')
    
  3. Copy the partner file to the production environment.

  4. Import the partner information to the production environment, using the following WLST command:

    importPartners(pathTempOAMPartnerFile='path_of_Temp_PartnerFile')
    

4.3.1.2 Move Oracle Access Manager 11g to an Existing Production Environment

In this scenario, you move incremental changes that you have made in the test environment to the production environment.

Note:

The Administration Servers in both the test environment and the production environment must be started.

To replicate the policy configuration information from the test system into the production system:

  1. Set the environment variable JAVA_HOME and add JAVA_HOME to the PATH.

  2. Export the policies from the test system, using the following WLST command:

    exportPolicy(pathTempOAMPolicyFile='path_of_Temp_PolicyFile')
    
  3. Copy the policy file to the production environment.

  4. Import the policies into the production environment, using the following command:

    importPolicy(pathTempOAMPolicyFile='path_of_Temp_PolicyFile')
    

4.3.2 Additional Information about Recovering Oracle Identity Manager

Oracle Identity Manager stores users and roles in the LDAP store. If you restore the database to a different point in time than the LDAP store, the reconciliation engine checks the change logs and reapplies all the changes that happened in the time period between the restore of the LDAP store and the database. For example, if the database is restored so that it is 10 hours behind the LDAP store, the reconciliation engine checks the change logs and reapplies all the changes that happened in the last 10 hours in the LDAP store to the database.

You do not need to explicitly trigger the reconciliation. LDAP synchronization is set up as a periodic scheduled task to submit reconciliation events periodically. You can also start the reconciliation process manually and monitor the reconciliation events from the Oracle Identity Manager console. See "Reconciliation Configuration" in Oracle Fusion Middleware User's Guide for Oracle Identity Manager.

Note:

Oracle recommends that you make sure that the Oracle Identity Manager application is unavailable to the end users when a bulk reconciliation is occurring (as in the above recovery scenario). When the bulk reconciliation is complete, make sure that the Oracle Identity Manager application is again available to the end users. You can monitor the reconciliation with the Oracle Identity Manager console.

4.3.3 Additional Information about Recovering Oracle BI EE

When you recover Oracle BI EE, you must ensure that the Web Catalog and RPD are restored to the same point in time, by using the same backup file.