1 Getting Started

The Server Manager Guide discusses the administration of Server Manager.

1.1 Installing the Server Manager Management Console and Agent

As of March 2016, the following chapters have been removed from this guide and added to the JD Edwards EnterpriseOne Installation and Upgrade Guides:

  • Installing the Server Manager Console

  • Running the Installation Wizard

  • Installing the Server Manager Agent

There are twelve (12) install and upgrade guides for JD Edwards EnterpriseOne applications for various combinations of platform and database. For the chapters that describe the installation of the Server Manager Console and Server Manager Agent, the content is identical across all guides. Access the Installation or Upgrade guide for your particular platform and database to find the aforementioned chapters.

The installation and upgrade guides are located in the JD Edwards EnterpriseOne Installation and Upgrade Documentation Library at:

http://docs.oracle.com/cd/E61420_01/index.htm

1.2 Accessing the Certifications (Minimum Technical Requirements)

Customers must conform to the supported platforms for the release as detailed in the JD Edwards EnterpriseOne Certifications (MTRs). In addition, JD Edwards EnterpriseOne may integrate, interface, or work in conjunction with other Oracle products. Refer to the following link for cross-reference material in the Program Documentation for Program prerequisites and version cross-reference documents to assure compatibility of various Oracle products.

Upgrading from 9.1 to 9.2 Server Manager Consoles can be done using the Server Manager Console Update (self-update) functionality for WAS and WLS based Server Manager Consoles. For an OC4J based Server Manager Console, please follow the documentation below.

http://www.oracle.com/corporate/contracts/index.html

You can locate the JD Edwards EnterpriseOne Tools Release 9.2 Certifications from My Oracle Support.

To access JD Edwards EnterpriseOne Tools Release 9.2 Certifications:

  1. Navigate to My Oracle Support (https://support.oracle.com).

  2. Click the Certifications tab.

  3. Search for JD Edwards EnterpriseOne Server Manager 9.2.

1.3 Configuring Server Manager Console to Work with Java 8 Update 201 (and later) (Release 9.2.3.4)

This section contains the following topics:

1.3.1 Configuring Server Manager Console Overview

Starting with Tools Release 9.2.3.4, you can make the following configuration changes if you are using Server Manager with Java 8 Update 201 and later (and equivalent Java 7 releases). Review the tasks in this section if you made the configuration changes described in the following My Oracle Support document:

E1: SVM: Console Not Communicating With Agent And/Or Runtime Metrics Not Displaying After AS400 / iSeries / IBM Java Update Disables 3DES_EDE_CBC Algorithm (Doc ID 2256869.1).

If you performed the configuration changes specified in the above support document, begin by reverting those modifications.

  1. Stop the Server Manager Console and the Admin server in the domain on which the Server Manager Console is installed.

  2. Stop the Server Manager Agents.

  3. Stop the Managed Instance.

  4. Undo the changes to the $jdk/jre/lib/security/java.security file or restore the file from a backup. This process of managing the $jdk/jre/lib/security/java.security file applies to the Java Installation used by the Server Manager Console, Server Manager Agents, and other Managed Instances on the respective machines.

1.3.2 Secure JMX and Using SSL Settings for the Server Manager Console

The subsequent sections are applicable if you have the following settings in the SCFMC/config/agent.properties and $SCHFA/config/agent.properties files.

management.server.usesecurejmx=true

management.server.usingssl=true|false

These settings are required only if Secure JMX is enabled. By default, the Secure JMX setting is enabled.

1.3.3 Additional JVM Arguments

Additional JVM Arguments that are required to support Java 8 Update 201 and later (and equivalent Java 7 releases) are as follows (where this command is a single contiguous command line with no line breaks or carriage returns):

-Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.ssl.keyStore=C:\certs\keystore.jks -Djavax.net.ssl.keyStorePassword=<key_store_password> -Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.keyPassword=<key_password> -Djavax.net.ssl.trustStore=C:\Java64\jdk1.8.0_201\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=<trust_store_password> -Djavax.net.ssl.trustStoreType=JKS

In the argument, replace the values that look like <password> with the actual password.

The functions of the additional JVM Arguments are:

Additional JVM Argument Value Function
-Djdk.tls.client.protocols TLSv1.2 This sets the TLS version for JMX Communication to 1.2.
-Djavax.net.ssl.keyStore C:\certs\keystore.jks This is the location of the Identity store or Keystore file that contains the private key.
-Djavax.net.ssl.keyStorePassword <key_store_password> This is the passphrase for the Identity store or Keystore file.
-Djavax.net.ssl.keyStoreType JKS This is the format of the Identity store or Keystore file; formats include JKS, PKCS12, and PEM.
-Djavax.net.ssl.keyPassword <key_password> This is the passphrase for the private key stored in the Identity store or Keystore file.
-Djavax.net.ssl.trustStore C:\Java64\jdk1.8.0_201\jre\lib\security\cacerts This is the location of the Truststore of jre (Java Runtime Environment) that contains all the public keys. Typically, the Truststore is at located at $jdk/jre/lib/security/cacerts.
-Djavax.net.ssl.trustStorePassword <trust_store_password> This is the passphrase for the Truststore file.
-Djavax.net.ssl.trustStoreType JKS This is the format of the Truststore file; formats include JKS, PKCS12, and PEM.

1.3.4 Steps with Examples

  1. Create the Identity Store: Create the Identity store (Keystore) that stores the private key. Typically, the Identity store is created on the Server Manager Console machine only.

    C:\Java64\jdk1.8.0_211\bin\keytool -genkey -alias <your_machine_name> -keyalg RSA -keypass <private_key_password> -storepass <identity_store_password> -keystore C:\certs\keystore.jks

  2. Export the Certificate: Export the Certificate from the Keystore created in previous step. Typically, the Certificate is exported to the Server Manager Console machine only.

    C:\Java64\jdk1.8.0_211\bin\keytool -export -alias <your_machine_name> -storepass <identity_store_password> -file C:\certs\<your_machine_name>.cer -keystore C:\certs\keystore.jks

    The Certificate is stored in the file: C:\certs\<your_machine_name>.cer.

  3. Import the Certificate: Import the Certificate from the Certificate file created in previous step. Typically, the Certificate is imported to Server Manager Console, Server Manager Agents, and on all machines that have Managed Instances. If you are using a custom Truststore, you will must import the Certificate into the custom Truststore. The command to import the Certificate to the Standard Truststore (cacerts file) is as follows:

    • Windows Platform

      C:\Java64\jdk1.8.0_211\bin\keytool -import -v -trustcacerts -alias <your_machine_name> -file C:\certs\<your_machine_name>.cer -keystore C:\Java64\jdk1.8.0_211\jre\lib\security\cacerts -keypass <private_key_password> -storepass <trust_store_password>Certificate was added to keystore [Storing C:\Java64\jdk1.8.0_211\jre\lib\security\cacerts]

      Run the following command to confirm that the import process was successful:

      C:\Java64\jdk1.8.0_211\bin\keytool -list -v -keystore C:\Java64\jdk1.8.0_211\jre\lib\security\cacerts -alias <your_machine_name> -storepass <trust_store_password>

    • UNIX Platform

      /u01/java8/bin/keytool -import -v -trustcacerts -alias <your_machine_name> -file /u01/certs/<your_machine_name>.cer -keystore /u01/java8/jre/lib/security/cacerts -keypass <private_key_password> -storepass <trust_store_password>Certificate was added to keystore [Storing /u01/java8/jre/lib/security/cacerts]

      Run the following command to confirm that the import process was successful:

      /u01/java8/bin/keytool -list -v -keystore /u01/java8/jre/lib/security/cacerts -alias <your_machine_name> -storepass <trust_store_password>

    • AS/400 Platform

      /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/bin/keytool -import -v -trustcacerts -alias <your_machine_name> -file /certs/<your_machine_name>.cer -keystore /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/jre/lib/security/cacerts -keypass <private_key_password> -storepass <trust_store_password>Certificate was added to keystore [Storing /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/jre/lib/security/cacerts]

      Run the following command to confirm that the import process was successful:

      /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/bin/keytool -list -v -keystore /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/jre/lib/security/cacerts -alias <your_machine_name> -storepass <trust_store_password>

Note:

If there are multiple Certificates in the Certificate Chain of the Server Manager Console, all the Certificates in the Certificate Chain must be imported into the Truststore. Import of multiple files is commonly required for a CA Signed Certificate where a Root Certificate and an Intermediate Certificate exist in addition to the actual Certificate used by the Server Manager Console.

1.3.5 JVM Arguments Configuration

1.3.5.1 WebLogic and WebSphere Servers

The following screenshots show how the JVM Arguments are configured for the Server Manager Console on the WebLogic and WebSphere servers.

Server Manager Console on the WebLogic Server

Navigate to Home - Summary of Servers - SMC_Server_jde_smchome_Console, append the arguments as shown.

Figure 1-1 Server Manager Console on the WebLogic Server

Surrounding text describes Figure 1-1 .

Server Manager Console on the WebSphere Server

Navigate to Application servers - SMC_Server_EOne_ManagementConsole1_Console - Process definition - Java Virtual Machine, append the arguments as shown.

Figure 1-2 Server Manager Console on the WebSphere Server

Surrounding text describes Figure 1-2 .

1.3.5.2 AIS and HTML Servers

The following screenshots show how the JVM Arguments are configured for the Web Component Managed Instance on the WebLogic and WebSphere server for the AIS and HTML servers:

Web Component on the WebLogic Server

For the AIS server, navigate to Home - Summary of Servers - ais_9082, append the arguments as shown in the screenshot.

Figure 1-3 Web Component on the WebLogic Server (AIS)

Surrounding text describes Figure 1-3 .

For the HTML server, navigate to Home - Summary of Servers - jas_8082, append the arguments as shown.

Figure 1-4 Web Component on the WebLogic Server (HTML)

Surrounding text describes Figure 1-4 .

Web Component on the WebSphere Server

For the AIS server, navigate to Application servers - AIS_92 - Process definition - Java Virtual Machine, append the arguments as shown.

Figure 1-5 Web Component on the WebSphere Server (AIS)

Surrounding text describes Figure 1-5 .

For the HTML server, navigate to Application servers - AS_JS_82 - Process definition - Java Virtual Machine, append the arguments as shown.

Figure 1-6 Web Component on the WebSphere Server (HTML server)

Surrounding text describes Figure 1-6 .

1.3.5.3 Enterprise Server

The following screenshot shows how the JVM Arguments are configured for the Enterprise server.

Configure the JVM Arguments in the DefaultOptions entry in the [JDE JVM] section of the Enterprise server JDE.INI file.

Figure 1-7 Enterprise Server

Surrounding text describes Figure 1-7 .

1.3.6 Server Manager Agent Configuration

This section describes the configuration changes that are necessary for the Server Manager Agent to work with Java 8 Update 201 and later (and equivalent version of Java 7) without having to make changes to the java.security file.

1.3.6.1 Server Manager Agent on Windows

After you update the Server Manager Agent to Tools 9.2.3.4 or later, create a copy of the $SCHFA\bin\installAgentServiceV2.bat and save the file as $SCHFA\bin\installAgentService.bat. Then perform the following tasks:

  1. Stop the Server Manager Agent by using $SCFHA\bin\stopAgent.bat

  2. Uninstall the existing Server Manager Windows Service by using $SCFHA\bin\uninstallAgentService.bat

  3. Changes the $SCHFA\bin\installAgentService.bat file as follows:

    A sample start params entry is provided below. The changes are shown in bold in this entry sample, make the same set of changes in the do32 and do64 sections.

    "--StartParams=-Djdk.tls.client.protocols=TLSv1.2;-Djavax.net.ssl.keyStore= C:\certs\keystore.jks;-Djavax.net.ssl.keyStorePassword=<password>;-Djavax.net.ssl.keyStoreType=JKS;-Djavax.net.ssl.keyPassword=<password>;-Djavax.net.ssl.trustStore= C:\Java64\jdk1.8.0_211\jre\lib\security\cacerts;-Djavax.net.ssl.trustStorePassword=<password>;-Djavax.net.ssl.trustStoreType=JKS;-Xrs;-classpath;%JDE_HOME%\lib\scfagent.jar;com.jdedwards.mgmt.agent.Launcher"

  4. Install the Server Manager Agent Windows Service by using the modified $SCFHA\bin\ installAgentService.bat file.

  5. Start the Server Manager Agent by using the $SCFHA\bin\startAgent.bat file.

Figure 1-8 Server Manager Agent on Windows

Surrounding text describes Figure 1-8 .

1.3.6.2 Server Manager Agent on UNIX and AS/400 Platforms

After you update the Server Manager Agent to Tools 9.2.3.4 or later, for Server Manager Agent installations on UNIX and AS/400 platforms, perform the following tasks:

  1. Create a copy of the $SCHFA/bin/runAgentV2 file and save it as $SCHFA/bin/runAgent.

  2. Stop the Server Manager Agent by using $SCFHA/bin/stopAgent.

  3. Change the $SCHFA/bin/runAgent file as follows:

    A sample start parameters entry is provided below. The changes are shown in bold in the sample entry.

UNIX

echo Starting the management agent on `date` in home $JDEHOME >>$JDEHOME/logs/e1agent_0.log

$JAVA $BITFLAG -Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.ssl.keyStore=/slot/ems9991/appmgr/certs/keystore.jks -Djavax.net.ssl.keyStorePassword=<password> -Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.keyPassword=<password> -Djavax.net.ssl.trustStore=/slot/ems9991/appmgr/jde_agent_ent/SCFHA/jdk/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=<password> -Djavax.net.ssl.trustStoreType=JKS -classpath $JDEHOME/lib/scfagent.jar com.jdedwards.mgmt.agent.Launcher >>$JDEHOME/logs/e1agent_0.log 2>&1 &

echo $!>$JDEHOME/agent.pid

exit 0

Figure 1-9 Server Manager Agent on UNIX

Surrounding text describes Figure 1-9 .

AS/400 Platform

If you are managing the WebSphere Managed Instance on the AS/400 platform, configure the $SCFHA/bin/runAgent script to use the 64-bit Java installation. Typically, the Java Installation used by the WebSphere Installation is /QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre.If you are managing the Enterprise Server Managed Instance on the AS/400 platform, configure the $SCFHA/bin/runAgent script to use the 32-bit or 64-bit Java installation depending on whether it is a 32-bit or 64-bit Enterprise Server Managed Instance installation.

The install location of the Java 8 32-bit and 64-bit respectively on the AS/400 machine is:

/QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/jre

/QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre

echo starting the management agent

$JAVA_HOME$JDKBIN$JAVAEXE -Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.ssl.keyStore=/jde_agent_1/SCFHA/keystore.jks -Djavax.net.ssl.keyStorePassword=<password> -Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.keyPassword=<password> -Djavax.net.ssl.trustStore=/QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=<password> -Djavax.net.ssl.trustStoreType=JKS -classpath "$JDEHOME/lib/scfagent.jar:/QIBM/ProdData/HTTP/Public/jt400/lib/jt400.jar" com.jdedwards.mgmt.agent.Launcher 2>/dev/null 1>/dev/null &

Figure 1-10 Server Manager Agent on AS/400

Surrounding text describes Figure 1-10 .

1.3.7 Java.security File

If you have modified the $jdk/jre/lib/security/java.security file, and removed the anon and NULL entries from this file, add the entries again or restore the file to its original condition. The following screenshot highlights these entries:

Figure 1-11

Surrounding text describes Figure 1-11 .

1.3.8 startWeblogic.sh/cmd

You must edit the startWeblogic.sh/cmd file in $<Server_Manager_Console_Weblogic_Domain>\bin\startWeblogic.sh/cmd. In startWeblogic.sh/cmd, edit the command and add the content as shown in bold in the sample below. Also, you must edit the same command to restart the Admin Server of the WebLogic Domain on which the Server Manager Console is installed.

SAVE_JAVA_OPTIONS="${JAVA_OPTIONS} -Djdk.tls.client.protocols=TLSv1.2 "

Note:

Restart the Server Manager Console after making the changes to the command.

1.3.9 Updating the ManagementLoginModule_JAR.jar in the $SMC_WLS_Domain_Dir/lib Location (Release 9.2.4)

For the Server Manager Console on the WebLogic server when using Java 8 update 201 and later:

  1. Stop the Server Manager Console J2EE container.

  2. Stop the Admin server.

  3. Stop all the other J2EE containers that are running in the domain in which the Server Manager Console is installed.

  4. Delete the $SMC_WLS_Domain_Dir/lib/ManagementLoginModule_JAR.jar.

    For this specific set-up, the file can be found in the following directory:

    o /u01/OracleSMC/user_projects/domains/smc_domain/lib/ManagementLoginModule_JAR.jar

  5. Copy the latest ManagementLoginModule_JAR.jar file from $SCFMC/stage/ManagementConsole_WAR.ear/ManagementConsole_WAR.war/WEB-INF/lib/ManagementLoginModule_JAR.jar to the $SMC_WLS_Domain_Dir/lib directory.

    For this set-up, the file can be found in the following directory:

    o /u01/SMConsole/SCFMC/stage/ManagementConsole_WAR.ear/ManagementConsole_WAR.war/WEB-INF/lib/ManagementLoginModule_JAR.jar to above location. The timestamp of the file should show the new date and time.

  6. Start the Server Manager Console.

  7. Perform the Change Component operation to confirm that the operation is successful.