1 Getting Started

The Server Manager Guide discusses the administration of Server Manager.

1.1 Installing the Server Manager Management Console and Agent

As of March 2016, the following chapters have been removed from this guide and added to the JD Edwards EnterpriseOne Installation and Upgrade Guides:

  • Installing the Server Manager Console

  • Running the Installation Wizard

  • Installing the Server Manager Agent

There are twelve (12) install and upgrade guides for JD Edwards EnterpriseOne applications for various combinations of platform and database. For the chapters that describe the installation of the Server Manager Console and Server Manager Agent, the content is identical across all guides. Access the Installation or Upgrade guide for your particular platform and database to find the aforementioned chapters.

The installation and upgrade guides are located in the JD Edwards EnterpriseOne Installation and Upgrade Documentation Library at:

http://docs.oracle.com/cd/E61420_01/index.htm

1.2 Accessing the Certifications (Minimum Technical Requirements)

Customers must conform to the supported platforms for the release as detailed in the JD Edwards EnterpriseOne Certifications (MTRs). In addition, JD Edwards EnterpriseOne may integrate, interface, or work in conjunction with other Oracle products. Refer to the following link for cross-reference material in the Program Documentation for Program prerequisites and version cross-reference documents to assure compatibility of various Oracle products.

Upgrading from 9.1 to 9.2 Server Manager Consoles can be done using the Server Manager Console Update (self-update) functionality for WAS and WLS based Server Manager Consoles. For an OC4J based Server Manager Console, please follow the documentation below.

http://www.oracle.com/corporate/contracts/index.html

You can locate the JD Edwards EnterpriseOne Tools Release 9.2 Certifications from My Oracle Support.

To access JD Edwards EnterpriseOne Tools Release 9.2 Certifications:

  1. Navigate to My Oracle Support (https://support.oracle.com).

  2. Click the Certifications tab.

  3. Search for JD Edwards EnterpriseOne Server Manager 9.2.

1.3 Configuring Server Manager Console to Work with Java 8 Update 201 (and later) (Release 9.2.3.4)

This section contains the following topics:

1.3.1 Configuring Server Manager Console Overview

Starting with Tools Release 9.2.3.4, you can make the following configuration changes if you are using Server Manager with Java 8 Update 201 and later (and equivalent Java 7 releases). Review the tasks in this section if you made the configuration changes described in the following My Oracle Support document:

E1: SVM: Console Not Communicating With Agent And/Or Runtime Metrics Not Displaying After AS400 / iSeries / IBM Java Update Disables 3DES_EDE_CBC Algorithm (Doc ID 2256869.1).

If you performed the configuration changes specified in the above support document, begin by reverting those modifications.

  1. Stop the Server Manager Console and the Admin server in the domain on which the Server Manager Console is installed.

  2. Stop the Server Manager Agents.

  3. Stop the Managed Instance.

  4. Undo the changes to the $jdk/jre/lib/security/java.security file or restore the file from a backup. This process of managing the $jdk/jre/lib/security/java.security file applies to the Java Installation used by the Server Manager Console, Server Manager Agents, and other Managed Instances on the respective machines.

1.3.2 Secure JMX and Using SSL Settings for the Server Manager Console

The subsequent sections are applicable if you have the following settings in the SCFMC/config/agent.properties and $SCHFA/config/agent.properties files.

management.server.usesecurejmx=true

management.server.usingssl=true|false

These settings are required only if Secure JMX is enabled. By default, the Secure JMX setting is enabled.

1.3.3 Additional JVM Arguments

Additional JVM Arguments that are required to support Java 8 Update 201 and later (and equivalent Java 7 releases) are as follows (where this command is a single contiguous command line with no line breaks or carriage returns):

-Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.ssl.keyStore=C:\certs\keystore.jks -Djavax.net.ssl.keyStorePassword=<key_store_password> -Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.keyPassword=<key_password> -Djavax.net.ssl.trustStore=C:\Java64\jdk1.8.0_201\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=<trust_store_password> -Djavax.net.ssl.trustStoreType=JKS

In the argument, replace the values that look like <password> with the actual password.

The functions of the additional JVM Arguments are:

Additional JVM Argument Value Function
-Djdk.tls.client.protocols TLSv1.2 This sets the TLS version for JMX Communication to 1.2.
-Djavax.net.ssl.keyStore C:\certs\keystore.jks This is the location of the Identity store or Keystore file that contains the private key.
-Djavax.net.ssl.keyStorePassword <key_store_password> This is the passphrase for the Identity store or Keystore file.
-Djavax.net.ssl.keyStoreType JKS This is the format of the Identity store or Keystore file; formats include JKS, PKCS12, and PEM.
-Djavax.net.ssl.keyPassword <key_password> This is the passphrase for the private key stored in the Identity store or Keystore file.
-Djavax.net.ssl.trustStore C:\Java64\jdk1.8.0_201\jre\lib\security\cacerts This is the location of the Truststore of jre (Java Runtime Environment) that contains all the public keys. Typically, the Truststore is at located at $jdk/jre/lib/security/cacerts.
-Djavax.net.ssl.trustStorePassword <trust_store_password> This is the passphrase for the Truststore file.
-Djavax.net.ssl.trustStoreType JKS This is the format of the Truststore file; formats include JKS, PKCS12, and PEM.

1.3.4 Steps with Examples

  1. Create the Identity Store: Create the Identity store (Keystore) that stores the private key. Typically, the Identity store is created on the Server Manager Console machine only.

    C:\Java64\jdk1.8.0_211\bin\keytool -genkey -alias <your_machine_name> -keyalg RSA -keypass <private_key_password> -storepass <identity_store_password> -keystore C:\certs\keystore.jks

  2. Export the Certificate: Export the Certificate from the Keystore created in previous step. Typically, the Certificate is exported to the Server Manager Console machine only.

    C:\Java64\jdk1.8.0_211\bin\keytool -export -alias <your_machine_name> -storepass <identity_store_password> -file C:\certs\<your_machine_name>.cer -keystore C:\certs\keystore.jks

    The Certificate is stored in the file: C:\certs\<your_machine_name>.cer.

  3. Import the Certificate: Import the Certificate from the Certificate file created in previous step. Typically, the Certificate is imported to Server Manager Console, Server Manager Agents, and on all machines that have Managed Instances. If you are using a custom Truststore, you will must import the Certificate into the custom Truststore. The command to import the Certificate to the Standard Truststore (cacerts file) is as follows:

    • Windows Platform

      C:\Java64\jdk1.8.0_211\bin\keytool -import -v -trustcacerts -alias <your_machine_name> -file C:\certs\<your_machine_name>.cer -keystore C:\Java64\jdk1.8.0_211\jre\lib\security\cacerts -keypass <private_key_password> -storepass <trust_store_password>Certificate was added to keystore [Storing C:\Java64\jdk1.8.0_211\jre\lib\security\cacerts]

      Run the following command to confirm that the import process was successful:

      C:\Java64\jdk1.8.0_211\bin\keytool -list -v -keystore C:\Java64\jdk1.8.0_211\jre\lib\security\cacerts -alias <your_machine_name> -storepass <trust_store_password>

    • UNIX Platform

      /u01/java8/bin/keytool -import -v -trustcacerts -alias <your_machine_name> -file /u01/certs/<your_machine_name>.cer -keystore /u01/java8/jre/lib/security/cacerts -keypass <private_key_password> -storepass <trust_store_password>Certificate was added to keystore [Storing /u01/java8/jre/lib/security/cacerts]

      Run the following command to confirm that the import process was successful:

      /u01/java8/bin/keytool -list -v -keystore /u01/java8/jre/lib/security/cacerts -alias <your_machine_name> -storepass <trust_store_password>

    • AS/400 Platform

      /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/bin/keytool -import -v -trustcacerts -alias <your_machine_name> -file /certs/<your_machine_name>.cer -keystore /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/jre/lib/security/cacerts -keypass <private_key_password> -storepass <trust_store_password>Certificate was added to keystore [Storing /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/jre/lib/security/cacerts]

      Run the following command to confirm that the import process was successful:

      /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/bin/keytool -list -v -keystore /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/jre/lib/security/cacerts -alias <your_machine_name> -storepass <trust_store_password>

Note:

If there are multiple Certificates in the Certificate Chain of the Server Manager Console, all the Certificates in the Certificate Chain must be imported into the Truststore. Import of multiple files is commonly required for a CA Signed Certificate where a Root Certificate and an Intermediate Certificate exist in addition to the actual Certificate used by the Server Manager Console.

1.3.5 JVM Arguments Configuration

1.3.5.1 WebLogic and WebSphere Servers

The following screenshots show how the JVM Arguments are configured for the Server Manager Console on the WebLogic and WebSphere servers.

Server Manager Console on the WebLogic Server

Navigate to Home -> Summary of Servers -> <SM_J2EE_Server>, append the arguments as shown.

Figure 1-1 Server Manager Console on the WebLogic Server

Surrounding text describes Figure 1-1 .

Server Manager Console on the WebSphere Server

Navigate to Application servers -> <SM_J2EE_Server> -> Process definition - Java Virtual Machine, append the arguments as shown.

Figure 1-2 Server Manager Console on the WebSphere Server

Surrounding text describes Figure 1-2 .

1.3.5.2 Setting the HttpOnly and secure attributes for the SMCONSOLE_SSID cookie (Tools release 9.2.4.3)

After you update the Server Manager Console to 9.2.4.3, perform the steps in the following sections to set the HttpOnly and secure attributes for the SMCONSOLE_SSID cookie.

Server Manager Console on Weblogic Server

Note:

These steps are applicable only if you are using the Server Manager Console installed on WebLogic and is accessed over HTTPS or /SSL.
  1. Stop the Server Manager Console.

  2. Update the weblogic.xml file and uncomment the following lines:

    <wls:cookie-secure>true</wls:cookie-secure><wls:cookie-http-only>true</wls:cookie-http-only>

  3. Start the Server Manager Console.

  4. After the Server Manager Console starts up, log in to the Server Manager Console over HTTPS or SSL to complete the configuration.

  5. To confirm that the HttpOnly and secure attributes are set for the SMCONSOLE_SSID cookie, use the Browser Debugging tool and ensure that the attributes of this cookie are the same as the attributes shown in the following screenshot:

    Surrounding text describes weblogic_attributes.PNG.

    This completes the configuration.

Server Manager Console on the WebSphere Server

Note:

These steps are applicable only if you are using the Server Manager Console installed on WebSphere and is accessed over HTTPS or /SSL.
  1. Log in to the WebSphere Admin Console profile in which the Server Manager Console is installed.

    Surrounding text describes websphere1.png.
  2. Navigate to the J2EE container in which the Server Manager Console is running.

    Surrounding text describes websphere2.PNG.
  3. In the Container Settings section, click the Session Management link.

    Surrounding text describes websphere3.PNG.
  4. In the General Properties section, select the Enable Cookies option.

    Surrounding text describes websphere4.PNG.
  5. Verify that the settings are configured as illustrated in the following screenshot:

    Surrounding text describes websphere5.PNG.
  6. Navigate back to the J2EE container in which the Server Manager Console is running and expand the Ports option and note down the port number for the WC_defaulthost_secure name.

    Surrounding text describes websphere6.png.

    This completes the configuration.

  7. Navigate to Virtual Hosts, select default_host, add the port number that you noted in Step 6 for WC_defaulthost_secure, and click Save.

    Surrounding text describes websphere7.PNG.
  8. Restart the Server Manager Console and access the console over the WC_defaulthost_secure port.

  9. To confirm that the HttpOnly and secure attributes are set for the SMCONSOLE_SSID cookie, use the Browser Debugging tool and ensure that the attributes of this cookie are as same as the attributes shown in the following screenshot:

    Surrounding text describes websphere8.PNG.

1.3.5.3 AIS and HTML Servers

The following screenshots show how the JVM Arguments are configured for the Web Component Managed Instance on the WebLogic and WebSphere server for the AIS and HTML servers:

Web Component on the WebLogic Server

For the AIS server, navigate to Home -> Summary of Servers -> <AIS_J2EE_Server>, append the arguments as shown in the screenshot.

Figure 1-3 Web Component on the WebLogic Server (AIS)

Surrounding text describes Figure 1-3 .

For the HTML server, navigate to Home -> Summary of Servers -> <JAS_J2EE_Server>, append the arguments as shown.

Figure 1-4 Web Component on the WebLogic Server (HTML)

Surrounding text describes Figure 1-4 .

Web Component on the WebSphere Server

For the AIS server, navigate to Application servers - AIS_92 - Process definition - Java Virtual Machine, append the arguments as shown.

Figure 1-5 Web Component on the WebSphere Server (AIS)

Surrounding text describes Figure 1-5 .

For the HTML server, navigate to Application servers - AS_JS_82 - Process definition - Java Virtual Machine, append the arguments as shown.

Figure 1-6 Web Component on the WebSphere Server (HTML server)

Surrounding text describes Figure 1-6 .

1.3.5.4 Enterprise Server

The following screenshot shows how the JVM Arguments are configured for the Enterprise server.

Configure the JVM Arguments in the DefaultOptions entry in the [JDE JVM] section of the Enterprise server JDE.INI file.

Figure 1-7 Enterprise Server

Surrounding text describes Figure 1-7 .

1.3.6 Server Manager Agent Configuration

This section describes the configuration changes that are necessary for the Server Manager Agent to work with Java 8 Update 201 and later (and equivalent version of Java 7) without having to make changes to the java.security file.

1.3.6.1 Server Manager Agent on Windows

Important:

After you update the Server Manager Agent to Tools Release 9.2.3.4 or later, create a copy of the $SCHFA\bin\installAgentServiceV2.bat file and save the file as $SCHFA\bin\installAgentService.bat.

This step is necessary to persist the changes related to TLSv1.2 to the agent. If you do not perform this step, your changes will be overwritten when the agent is updated.

If the file $SCHFA\bin\installAgentService.bat is already present, use it to make the changes related to TLSv1.2. Do not use the $SCHFA\bin\installAgentServiceV2.bat file if the $SCHFA\bin\installAgentService.bat file is already is present.

Then perform the following tasks:

  1. Stop the Server Manager Agent by using the $SCFHA\bin\stopAgent.bat file.

  2. Uninstall the existing Server Manager Windows Service by using the $SCFHA\bin\uninstallAgentService.bat file.

  3. Changes the $SCHFA\bin\installAgentService.bat file as follows:

    A sample start params entry is provided below. The changes are shown in bold in this entry sample, make the same set of changes in the do32 and do64 sections.

    "--StartParams=-Djdk.tls.client.protocols=TLSv1.2;-Djavax.net.ssl.keyStore= C:\certs\keystore.jks;-Djavax.net.ssl.keyStorePassword=<password>;-Djavax.net.ssl.keyStoreType=JKS;-Djavax.net.ssl.keyPassword=<password>;-Djavax.net.ssl.trustStore= C:\Java64\jdk1.8.0_211\jre\lib\security\cacerts;-Djavax.net.ssl.trustStorePassword=<password>;-Djavax.net.ssl.trustStoreType=JKS;-Xrs;-classpath;%JDE_HOME%\lib\scfagent.jar;com.jdedwards.mgmt.agent.Launcher"

  4. Install the Server Manager Agent Windows Service by using the modified $SCFHA\bin\ installAgentService.bat file.

  5. Start the Server Manager Agent by using the $SCFHA\bin\startAgent.bat file.

Figure 1-8 Server Manager Agent on Windows

Surrounding text describes Figure 1-8 .

1.3.6.2 Server Manager Agent on UNIX and AS/400 Platforms

After you update the Server Manager Agent to Tools 9.2.3.4 or later, for Server Manager Agent installations on UNIX and AS/400 platforms, perform the following tasks:

  1. Create a copy of the $SCHFA/bin/runAgentV2 file and save it as $SCHFA/bin/runAgent.

  2. Stop the Server Manager Agent by using $SCFHA/bin/stopAgent.

  3. Change the $SCHFA/bin/runAgent file as follows:

    A sample start parameters entry is provided below. The changes are shown in bold in the sample entry.

UNIX

echo Starting the management agent on `date` in home $JDEHOME >>$JDEHOME/logs/e1agent_0.log

$JAVA $BITFLAG -Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.ssl.keyStore=/slot/ems9991/appmgr/certs/keystore.jks -Djavax.net.ssl.keyStorePassword=<password> -Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.keyPassword=<password> -Djavax.net.ssl.trustStore=/slot/ems9991/appmgr/jde_agent_ent/SCFHA/jdk/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=<password> -Djavax.net.ssl.trustStoreType=JKS -classpath $JDEHOME/lib/scfagent.jar com.jdedwards.mgmt.agent.Launcher >>$JDEHOME/logs/e1agent_0.log 2>&1 &

echo $!>$JDEHOME/agent.pid

exit 0

Figure 1-9 Server Manager Agent on UNIX

Surrounding text describes Figure 1-9 .

AS/400 Platform

If you are managing the WebSphere Managed Instance on the AS/400 platform, configure the $SCFHA/bin/runAgent script to use the 64-bit Java installation. Typically, the Java Installation used by the WebSphere Installation is /QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre.If you are managing the Enterprise Server Managed Instance on the AS/400 platform, configure the $SCFHA/bin/runAgent script to use the 32-bit or 64-bit Java installation depending on whether it is a 32-bit or 64-bit Enterprise Server Managed Instance installation.

The install location of the Java 8 32-bit and 64-bit respectively on the AS/400 machine is:

/QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/jre

/QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre

echo starting the management agent

$JAVA_HOME$JDKBIN$JAVAEXE -Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.ssl.keyStore=/jde_agent_1/SCFHA/keystore.jks -Djavax.net.ssl.keyStorePassword=<password> -Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.keyPassword=<password> -Djavax.net.ssl.trustStore=/QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=<password> -Djavax.net.ssl.trustStoreType=JKS -classpath "$JDEHOME/lib/scfagent.jar:/QIBM/ProdData/HTTP/Public/jt400/lib/jt400.jar" com.jdedwards.mgmt.agent.Launcher 2>/dev/null 1>/dev/null &

Figure 1-10 Server Manager Agent on AS/400

Surrounding text describes Figure 1-10 .

1.3.7 Java.security File

If you have modified the $jdk/jre/lib/security/java.security file, and removed the anon and NULL entries from this file, add the entries again or restore the file to its original condition. The following screenshot highlights these entries:

Figure 1-11

Surrounding text describes Figure 1-11 .

1.3.8 startWeblogic.sh/cmd

You must edit the startWeblogic.sh/cmd file in $<Server_Manager_Console_Weblogic_Domain>\bin\startWeblogic.sh/cmd. In startWeblogic.sh/cmd, edit the command and add the content as shown in bold in the sample below. Also, you must edit the same command to restart the Admin Server of the WebLogic Domain on which the Server Manager Console is installed.

SAVE_JAVA_OPTIONS="${JAVA_OPTIONS} -Djdk.tls.client.protocols=TLSv1.2 "

Note:

Restart the Server Manager Console after making the changes to the command.

1.3.9 Updating the ManagementLoginModule_JAR.jar in the $SMC_WLS_Domain_Dir/lib Location (Release 9.2.4)

For the Server Manager Console on the WebLogic server when using Java 8 update 201 and later:

  1. Stop the Server Manager Console J2EE container.

  2. Stop the Admin server.

  3. Stop all the other J2EE containers that are running in the domain in which the Server Manager Console is installed.

  4. Delete the $SMC_WLS_Domain_Dir/lib/ManagementLoginModule_JAR.jar.

    For this specific set-up, the file can be found in the following directory:

    o /u01/OracleSMC/user_projects/domains/smc_domain/lib/ManagementLoginModule_JAR.jar

  5. Copy the latest ManagementLoginModule_JAR.jar file from $SCFMC/stage/ManagementConsole_WAR.ear/ManagementConsole_WAR.war/WEB-INF/lib/ManagementLoginModule_JAR.jar to the $SMC_WLS_Domain_Dir/lib directory.

    For this set-up, the file can be found in the following directory:

    o /u01/SMConsole/SCFMC/stage/ManagementConsole_WAR.ear/ManagementConsole_WAR.war/WEB-INF/lib/ManagementLoginModule_JAR.jar to above location. The timestamp of the file should show the new date and time.

  6. Start the Server Manager Console.

  7. Perform the Change Component operation to confirm that the operation is successful.

1.4 Configuring Server Manager Console to Work with Java 8 Update 201 (and later) (Tools Release 9.2.4.3 and later)

If you are using Server Manager version 9.2.4.3 or later, you can remove the TLS arguments that were added in Section 1.3.5, "JVM Arguments Configuration" and Section 1.3.6, "Server Manager Agent Configuration" since these arguments are for the Server Manager versions earlier than the release 9.2.4.3.

If you are using Server Manager version 9.2.4.3 or later, these arguments will be taken from the agent.properties file that is present in the $SCFMC\config and $SCHA\config folders.

Note:

Starting with JD Edwards EnterpriseOne Tools Release 9.2.4.3, there is no support for connecting to Server Manager Console and Server Manager Agent(s) using jconsole, any other JMX Client, or using a Java Debugger.