3 Upgrading Oracle Access Manager Single Node Environments

You can upgrade Oracle Access Manager from Release 11g Release 2 (11.1.2.3.0) to Oracle Access Manager 12c (12.2.1.3.0) .

Complete the steps in the following topics to perform the upgrade:

• About the Oracle Access Manager Single Node Upgrade Process
  Review the roadmap for an overview of the upgrade process for Oracle Access Manager single node deployments.
• Completing the Pre-Upgrade Tasks for Oracle Access Manager
  Complete the pre-upgrade tasks described in this section before you upgrade Oracle Access Manager.
• Installing Product Distributions
  Before beginning your upgrade, download Oracle Fusion Middleware Infrastructure and Oracle Access Manager 12c (12.2.1.3.0) distributions on the target system and install them using Oracle Universal Installer.
• Installing the Latest Stack Patch Bundle
  After you install the product distributions, Oracle strongly recommends you to apply the latest IDM Stack Patch Bundle (SPB) 12.2.1.3.0 before proceeding with the upgrade process. You can apply the patch by using the Opatch tool. Applying the SPB helps eliminate most of the upgrade issues or workarounds.
• Creating the Required 12c Schemas Using RCU
  When upgrading from 11g, you must create extra schemas required for 12c. If your setup has non-SSL ports open, you can use the Upgrade Assistant to create schemas by using the default schema settings. In case of SSL enabled setup, you can use the Repository Creation Utility (RCU) to create customized schemas. This procedure describes how to create schemas using the RCU. Information about using the Upgrade Assistant to create schemas is covered in the upgrade procedures.
• Integrating Access Federation with BI Publisher
  Update to the required or latest patches to seamlessly integrate and view Oracle Access Manager audit information on BI Publisher.
• Running a Pre-Upgrade Readiness Check
  To identify potential issues with the upgrade, Oracle recommends that you run a readiness check before you start the upgrade process. Be aware that the readiness check may not be able to discover all potential issues with your upgrade. An upgrade may still fail, even if the readiness check reports success.
• Stopping Servers and Processes
  Before you run the Upgrade Assistant to upgrade your schemas and configurations, you must shut down all of the pre-upgrade processes and servers, including the Administration Server, Node manager, and any managed servers.
• Upgrading Product Schemas
  After stopping servers and processes, use the Upgrade Assistant to upgrade supported product schemas to the current release of Oracle Fusion Middleware.
• About Reconfiguring the Domain
  Run the Reconfiguration Wizard to reconfigure your domain component configurations to 12c (12.2.1.3.0).
• Upgrading Domain Component Configurations
  After reconfiguring the domain, use the Upgrade Assistant to upgrade the domain component configurations inside the domain to match the updated domain configuration.
• Performing Post-Upgrade Tasks
  After performing the upgrade of Oracle Access Manager to 12c (12.2.1.3), you should complete the tasks summarized in this section, if required.
• Performing the Post-Patch Install Steps
  After completing the upgrade, you have to perform the post-patch installation steps.

About the Oracle Access Manager Single Node Upgrade Process

Review the roadmap for an overview of the upgrade process for Oracle Access Manager single node deployments.

The steps required to upgrade an existing domain will vary depending on how the domain is configured and which components are being upgraded.

Table 3-1 Tasks for Upgrading Single Node Oracle Access Manager Deployments

Task	Description
Optional If you have not done so already, review the introductory topics in this guide and complete the required pre-upgrade tasks.	See: Introduction to Upgrading Oracle Access Manager to 12c (12.2.1.3.0) Pre-Upgrade Requirements
Required Complete the necessary pre-upgrade tasks specific to Oracle Access Manager.	See Completing the Pre-Upgrade Tasks for Oracle Access Manager.
Required Install Fusion Middleware Infrastructure and Oracle Access Manager 12c (12.2.1.3.0) in a new Oracle home.	Install Fusion Middleware Infrastructure and Oracle Access Manager in a new Oracle home on the same host as the 11g production deployment before you begin the upgrade. In 12c, Oracle home is used to describe the 11g Middleware home. See Installing Product Distributions.
Required Apply the latest bundle patches.	See Installing the Latest Stack Patch Bundle.
Required Start the Repository Creation Utility (RCU) to create the required 12c database schemas.	The schemas you create will vary depending on your existing schema configuration. See Creating the Required 12c Schemas with the RCU.
Required Run a pre-upgrade readiness check.	See Running a Pre-Upgrade Readiness Check.
Required Shut down the 11g environment (stop all Administration and Managed Servers). Ensure that the Database is up during the upgrade.	WARNING: Failure to shut down your servers during an upgrade may lead to data corruption. See Stopping Servers and Processes.
Required Start the Upgrade Assistant to upgrade the 11g database schemas and to migrate all active (in flight) instance data.	See Upgrading Product Schemas. NOTE: The upgrade of active instance data is started automatically when running the Upgrade Assistant. Once the data is successfully upgraded to the new 12c (12.2.1.3.0) environment, you can close the Upgrade Assistant. The closed instances will continue to upgrade through a background process.
Required Start the Reconfiguration Wizard to reconfigure the domain.	During an upgrade, the Configuration Wizard is run in reconfiguration mode to update the existing domain to use the newly installed software. See Reconfiguring the Domain Using the Reconfiguration Wizard.
Required Start the Upgrade Assistant (again) to upgrade Oracle Access Manager domain component configurations.	The Upgrade Assistant is used to update the reconfigured domain’s component configurations. See Upgrading Domain Component Configurations.
Required Complete any necessary post-upgrade tasks.	These tasks are optional. See Performing Post-Upgrade Tasks.
Required Perform the post-patch install steps.	See Performing the Post-Patch Install Steps.

Completing the Pre-Upgrade Tasks for Oracle Access Manager

Complete the pre-upgrade tasks described in this section before you upgrade Oracle Access Manager.

• Checking the Supported Starting Point for Oracle Access Manager Upgrade
  The Oracle Access Manager version that is supported for upgrade is 11g Release 2 (11.1.2.3.0).
• Checking if OAM is in a Different Domain to OAAM and OIM
  In the case of Oracle Access Manager (OAM), Oracle Adaptive Access Management (OAAM), and Oracle Identity Manager (OIM) integrated setup, where OAM and OAAM are in same domain, and OIM is in a separate domain, the OAM domain needs to be cloned that works with OAAM and OIM in the source domain.
• Removing the IAMSuiteAgent Deployment
  The IAMSuiteAgent deployment is not supported in 12c. Therefore, undeploy the IAMSuiteAgent before you proceed with the upgrade.
• Upgrading Java JSE Policy
  Upgrade Java JSE Policy, if required.

Checking the Supported Starting Point for Oracle Access Manager Upgrade

The Oracle Access Manager version that is supported for upgrade is 11g Release 2 (11.1.2.3.0).

If you are using an earlier version of Oracle Access Manager, you must upgrade to Oracle Access Manager 11g Release 2 (11.1.2.3.0) first, and then to 12c.

Checking if OAM is in a Different Domain to OAAM and OIM

In the case of Oracle Access Manager (OAM), Oracle Adaptive Access Management (OAAM), and Oracle Identity Manager (OIM) integrated setup, where OAM and OAAM are in same domain, and OIM is in a separate domain, the OAM domain needs to be cloned that works with OAAM and OIM in the source domain.

Note:

Ensure that Oracle Access Manager and Oracle Identity Manager are in different domains. If they are in the same domain, then you need to separate them into multiple domains. For more information, see Separating Oracle Identity Management Applications Into Multiple Domains.

To separate the OAM and OAAM domain, do the following:

1. Perform the test-to-production of the source environment (machine-1) where OAM and OAAM is in the same domain, so as to form the 11.1.2.3.0 OAM-OAAM environment on machine-2. This machine-2 acts as the production machine.
2. On machine-1, open the DOMAIN_HOME/config/fmwconfig/oam-config.xml file in a text editor, and search for the parameter HOST_ALIAS_1.
3. Update the serverhost parameter to reflect the name of production machine, so that it knows the target (OAAM) machine to which it has to point to render the OAAM authentication page.
4. Search for the parameter Version, and increment its value by one.
5. Restart only the Administration Server and the OAM Server of source machine (machine-1) to reflect the changes.
   Ensure that the oaam_admin_server1 and oaam_server_server1 on the source machine are stopped.
6. Start the oaam_admin_server1 and oaam_server_server1 on production machine (machine-2). The Administration Server on the production machine will be in Running state after the T2P.
7. Access the tapscheme protected resource of machine-1. Make sure that the request gets redirected to OAAM server of machine—2 and subsequent taspscheme login is successful.

   Note:

   Ensure that the date and time on source and production machine are in sync. If they are not, the authentication fails.

If OIM is installed in a separate domain, and is integrated with OAM and OAAM, do the following:

1. Update the following Oracle Identity Manager properties to contain the details of the new OAAM host:

   • OIM.ChangePasswordURL
   • OIM.ChallengeQuestionModificationURL

   For information about setting the Oracle Identity Manager properties for OAAM, see Setting Oracle Identity Manager Properties for Oracle Adaptive Access Manager in the Integration Guide for Oracle Identity Management Suite for 11g Release 2 (11.1.2.3.0).

2. Restart the Oracle Identity Manager server.

Note:

You must upgrade the OAM domain whose Managed Server is in the running state after the domain separation.

For example, if you have followed the steps in this section, you will have to upgrade OAM that resides on machine-1, to 12c.

Removing the IAMSuiteAgent Deployment

The IAMSuiteAgent deployment is not supported in 12c. Therefore, undeploy the IAMSuiteAgent before you proceed with the upgrade.

Removing IAMSuiteAgent from the WebLogic Administration Console

1. Log in to the WebLogic Administration Console using the following URL:

   http://hostname:port/console
   

   where hostname is the DNS name or IP address of the Administration Server and port is the listen port on which the Administration Server is listening for requests (port 7001 by default). If you have configured a domain-wide administration port, use that port number. If you configured the Administration Server to use Secure Socket Layer (SSL) you must add s after http as follows:

   https://hostname:port/console
   

   Note:

   A domain-wide administration port always uses SSL.
2. Click Security Realms.
3. Click myrealm.
4. Click Provider, and then select IAMSuiteAgent.
5. Click Delete.
6. Restart the servers.

Removing IAMSuiteAgent from the OAM Console

Note:

Before you delete IAMSuiteAgent from the OAM console, complete the following tasks:

• Replace IAMSuiteAgent with an 11g WebGate. See Replacing the IAMSuiteAgent with an 11g WebGate. Removing IAMSuiteAgent without replacing it with an 11g WebGate may result in a loss of the OAM functionalities in the 11g server.
• Back up the OAM configuration.

1. Log in to the OAM console.
2. Go to the Application Security tab, click Agents, and then Managed single sign-on agents.
3. From the list of SSO agents, select IAMSuiteAgent, and then click Delete.
4. Confirm the deletion.

Upgrading Java JSE Policy

Upgrade Java JSE Policy, if required.

Note:

This is required if any of the Identity Management components like Oracle Access Management (OAM), Oracle Identity Manager (OIM), Oracle Adaptive Access Manager (OAAM), or Oracle Access Manager Webgates of a data center are yet to be upgraded to 12c (12.2.1.3.0). This is for the phased transition to 12c (12.2.1.3.0).

For a Multi Data Center setup, this is required if any of the data centers has 12c (12.2.1.2.0) components (OAM, OIM, OAAM, OAM Webgates).

The jar files local_policy.jar and US_export_policy.jar are present in the directory $JAVA_HOME/jre/lib/security. You can upgrade Java JSE policy by overwriting these jar files with the specified versions. To do this, complete the following steps:

1. Download the local_policy.jar and US_export_policy.jar files from the following location:
   http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
2. Copy the jar files to the location $JAVA_HOME/jre/lib/security. This overwrites the existing files.

This completes the Java JSE policy upgrade.

Installing Product Distributions

Before beginning your upgrade, download Oracle Fusion Middleware Infrastructure and Oracle Access Manager 12c (12.2.1.3.0) distributions on the target system and install them using Oracle Universal Installer.

Note:

• The 12c binaries are installed in a different location from the previous 11g binaries. You can install 12c binaries before any planned downtime for upgrade.
• If you are using Redundant binary locations, ensure that you install the software into each of those redundant locations.

To install the 12c (12.2.1.3.0) distributions:

1. Sign in to the target system.
2. Download the following from Oracle Technical Resources or Oracle Software Delivery Cloud to your target system:
   • Oracle Fusion Middleware Infrastructure (fmw_12.2.1.3.0_infrastructure_generic.jar)
   • Oracle Access Manager (fmw_12.2.1.3.0_idm_generic.jar)
   • Any additional distributions for your pre-upgrade environment

   Note:

   If you are upgrading an integrated environment that was set up using Life Cycle Management (LCM) tool, that includes Oracle Access Manager, Oracle Identity Manager, and WebGates, then you must install the respective 12c Web Server (Oracle HTTP Server or Oracle Traffic Director) binaries in the same Oracle Home.

3. Change to the directory where you downloaded the 12c (12.2.1.3.0) product distribution.
4. Start the installation program for Oracle Fusion Middleware Infrastructure:
   • (UNIX) JAVA_HOME/bin/java -jar fmw_12.2.1.3.0_infrastructure_generic.jar
   • (Windows) JAVA_HOME\bin\java -jar fmw_12.2.1.3.0_infrastructure_generic.jar
5. On UNIX operating systems, the Installation Inventory Setup screen appears if this is the first time you are installing an Oracle product on this host.
   Specify the location where you want to create your central inventory. Make sure that the operating system group name selected on this screen has write permissions to the central inventory location, and click Next.

   Note:

   The Installation Inventory Setup screen does not appear on Windows operating systems.
6. On the Welcome screen, review the information to make sure that you have met all the prerequisites. Click Next.
7. On the Auto Updates screen, select an option:

   • Skip Auto Updates: If you do not want your system to check for software updates at this time.

   • Select patches from directory: To navigate to a local directory if you downloaded patch files.

   • Search My Oracle Support for Updates: To automatically download software updates if you have a My Oracle Support account. You must enter Oracle Support credentials then click Search. To configure a proxy server for the installer to access My Oracle Support, click Proxy Settings. Click Test Connection to test the connection.

   Click Next.
8. On the Installation Location screen, specify the location for the Oracle home directory and click Next.
   For more information about Oracle Fusion Middleware directory structure, see About the Directories for Installation and Configuration in Planning an Installation of Oracle Fusion Middleware.
9. On the Installation Type screen, select the following:
   • For Infrastructure, select Fusion Middleware Infrastructure
   • For Oracle Access Manager, select Collocated Oracle Identity and Access Manager.
   Click Next.
10. The Prerequisite Checks screen analyzes the host computer to ensure that the specific operating system prerequisites have been met.
    To view the list of tasks that are verified, select View Successful Tasks. To view log details, select View Log. If any prerequisite check fails, then an error message appears at the bottom of the screen. Fix the error and click Rerun to try again. To ignore the error or the warning message and continue with the installation, click Skip (not recommended).
11. On the Installation Summary screen, verify the installation options that you selected.
    If you want to save these options to a response file, click Save Response File and enter the response file location and name. The response file collects and stores all the information that you have entered, and enables you to perform a silent installation (from the command line) at a later time.

    Click Install to begin the installation.

12. On the Installation Progress screen, when the progress bar displays 100%, click Finish to dismiss the installer, or click Next to see a summary.
13. The Installation Complete screen displays the Installation Location and the Feature Sets that are installed. Review this information and click Finish to close the installer.
14. After you have installed Oracle Fusion Middleware Infrastructure, enter the following command to start the installer for your product distribution and repeat the steps above to navigate through the installer screens:
    (UNIX) JAVA_HOME/bin/java -jar fmw_12.2.1.3.0_idm_generic.jar
    (Windows) JAVA_HOME\bin\java -jar fmw_12.2.1.3.0_idm_generic.jar

Note:

• If your 11.1.2.3.0 setup was deployed using Life Cycle Management (LCM) tool, you must install Oracle HTTP Server 12c (12.2.1.3.0) in the 12c Middleware home. See Preparing to Install and Configure Oracle HTTP Server in Installing and Configuring Oracle HTTP Server.
• By using the opatch tool, apply the latest recommended patchsets from Oracle Support. Complete only the binary installation of patchsets and follow any post-patch steps after the upgrade process is complete. This provides the latest known fixes for upgrade process, if any.

Installing the Latest Stack Patch Bundle

After you install the product distributions, Oracle strongly recommends you to apply the latest IDM Stack Patch Bundle (SPB) 12.2.1.3.0 before proceeding with the upgrade process. You can apply the patch by using the Opatch tool. Applying the SPB helps eliminate most of the upgrade issues or workarounds.

Following are the high-level tasks you should complete to apply the Stack Patch Bundle:

• Initial Preparation: In this phase, you stage the software, read the README.txt file, and verify and/or update the Opatch tool to the appropriate versions.
• Analysis Phase: In this phase, you run the prestop command with the variables from the README.txt file to determine if the system is ready for patching.
• Patching Phase: In this phase, you backup MW_HOME and DOMAIN_HOME, run the downtime command for OIG with the variables from the README.txt file, and then clear any temporary files.

Note:

At this point, you will not restart the servers. There is currently no link between the schemas, the local configuration, and the new bits. The remainder of the patching process will happen after the bootstrap.

To avoid a false failure during the domain Reconfiguration Phase of the upgrade, after completing the Patching Phase, update the following entries in the config.xml for the com.oracle.cie.comdev_7.8.2.0 and com.oracle.cie.xmldh_3.4.2.0 libraries:

<name>com.oracle.cie.comdev#3.0.0.0@7.8.2.0</name>
com.oracle.cie.comdev_7.8.2.0.jar

<name>com.oracle.cie.xmldh#2.0.0.0@3.4.2.0</name>
com.oracle.cie.xmldh_3.4.2.0.jar

From:

<library>
<name>com.oracle.cie.comdev#3.0.0.0@7.8.2.0</name>
<target>oim_cluster</target>
<source-path><MW_HOME>/oracle_common/modules/com.oracle.cie.comdev_7.8.2.0.jar
</source-path>
<deployment-order>511</deployment-order>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>nostage</staging-mode>
</library>

<library>
<name>com.oracle.cie.xmldh#2.0.0.0@3.4.2.0</name>
<target>oim_cluster</target>
<source-path><MW_HOME>/oracle_common/modules/com.oracle.cie.xmldh_3.4.2.0.jar<
/source-path>
<deployment-order>511</deployment-order>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>nostage</staging-mode>
</library>

To this:

<library>
<name>com.oracle.cie.comdev#3.0.0.0@7.8.4.0</name>
<target>oim_cluster</target>
<source-path><MW_HOME>/oracle_common/modules/com.oracle.cie.comdev_7.8.4.0.jar
</source-path>
<deployment-order>511</deployment-order>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>nostage</staging-mode>
</library>

<library>
<name>com.oracle.cie.xmldh#2.0.0.0@3.4.4.0</name>
<target>oim_cluster</target>
<source-path><MW_HOME>/oracle_common/modules/com.oracle.cie.xmldh_3.4.4.0.jar<
/source-path>
<deployment-order>511</deployment-order>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>nostage</staging-mode>
</library>

This update to the config.xml file changes the name of the libraries and version of the jar file in each library to the one that will be used post the patching process. If it is a cluster, ensure that both nodes have these settings.

For more information on the patching process, see Doc ID 2657920.1.

Note:

If you are using Windows or Solaris OS, download the individual Bundle Patches (BPs) from Doc ID 2457034.1.

After completing the upgrade, you have to perform the post-patch install steps. See Performing the Post-Patch Install Steps.

Creating the Required 12c Schemas Using RCU

When upgrading from 11g, you must create extra schemas required for 12c. If your setup has non-SSL ports open, you can use the Upgrade Assistant to create schemas by using the default schema settings. In case of SSL enabled setup, you can use the Repository Creation Utility (RCU) to create customized schemas. This procedure describes how to create schemas using the RCU. Information about using the Upgrade Assistant to create schemas is covered in the upgrade procedures.

Note:

You must use the 12c Repository Creation Utility (RCU) to create the 12c schemas. 12c RCU is located at ORACLE_HOME/oracle_common/bin directory, where ORACLE_HOME is the 12c Oracle Home.

You must create the following schemas using 12c RCU:

• Common Infrastructure Services Service Table (prefix_STB)

• WebLogic Services (prefix_WLS)

• User Messaging Service (prefix_UMS)

The existing schemas such as Oracle Access Manager (OAM), Oracle Platform Security Services (OPSS) will be upgraded, and therefore, you do not have to create new ones.

The following schemas must exist before you upgrade to 12c. If you are upgrading from 11g, and you are not sure which schemas you currently have, refer to the steps below to identify the existing schemas in your domain. You do not need to re-create these schemas if they already exist.

• Service Table schema (prefix_STB). This schema is new in 12c and is required for domain-based upgrades. It stores basic schema configuration information (for example, schema prefixes and passwords) that can be accessed and used by other Oracle Fusion Middleware components during the domain creation. This schema is automatically created when you run the Repository Creation Utility (RCU), where you specify the existing schema owner prefix that you used for your other 11g schemas.

  Note:

  If the Service Table schema does not exist, you may encounter the error message UPGAST-00328 : The schema version registry table does not exist on this database. If that happens it is necessary to create the service table schema in order to run Upgrade Assistant

• Oracle Platform Security Services (OPSS) schema (prefix_OPSS). This schema is required if you are using an OID-based security store in 11g. This schema is automatically created when you run the Repository Creation Utility (RCU). The only supported LDAP-based OPSS security store is Oracle Internet Directory (OID). An LDAP-based policy store is typically used in production environments. You do not need to reassociate an OID-based security store before upgrade. While the Upgrade Assistant is running, you can select the OPSS schema. The Upgrade Assistant upgrades the OID-based security store automatically.

  Note:

  The 12c OPSS database schema is required so that you can reference the 12c schema during the reconfiguration of the domain. Your domain continues to use the OID-based security store after the upgrade is complete.

To create the 12c schemas with the RCU:

1. (Optional) If you are upgrading from 11g, and you wish to confirm the schemas which are present in your existing domain, then connect to the database as a user with DBA privileges, and run the following code from SQL*Plus:

   SET LINE 120
   COLUMN MRC_NAME FORMAT A14
   COLUMN COMP_ID FORMAT A20
   COLUMN VERSION FORMAT A12
   COLUMN STATUS FORMAT A9
   COLUMN UPGRADED FORMAT A8
   SELECT MRC_NAME, COMP_ID, OWNER, VERSION, STATUS, UPGRADED FROM SCHEMA_VERSION_REGISTRY ORDER BY MRC_NAME, COMP_ID ;
   

2. Verify that a certified JDK already exists on your system by running java -version from the command line. For 12c (12.2.1.3.0), the certified JDK is 1.8.0_131 and later.
   Ensure that the JAVA_HOME environment variable is set to the location of the certified JDK. For example:
   • (UNIX) setenv JAVA_HOME=/home/Oracle/Java/jdk1.8.0_131
   • (Windows) set JAVA_HOME=C:\home\Oracle\Java\jdk1.8.0_131
   Add $JAVA_HOME/bin to $PATH.
3. Go to the oracle_common/bin directory:
   • (UNIX) ORACLE_HOME/oracle_common/bin
   • (Windows) ORACLE_HOME\oracle_common\bin
4. Start the RCU:
   • (UNIX) ./rcu
   • (Windows) rcu.bat
5. On the Welcome screen, click Next.
6. On the Create Repository screen, select Create Repository and then select System Load and Product Load.
   If you do not have DBA privileges, select Prepare Scripts for System Load. This will generate a SQL script containing all the same SQL statements and blocks that would have been called if the RCU were to execute the actions for the selected components.

   After the script is generated, the user you created earlier, in Creating a Non-SYSDBA User to Run the Upgrade Assistant, with the necessary SYS or SYSDBA privileges can execute the script to complete the system load phase.

   Click Next.

7. On the Database Connection Details screen, select the Database Type and enter the connection information for the database that hosts the 11g schemas. See the pertinent table below.

   Table 3-2 Connection Credentials for Oracle Databases and Oracle Databases with Edition-Based Redefinition

   Option	Description and Example
   Host Name	Specify the name of the server where your database is running in the following format: examplehost.exampledomain.com For Oracle RAC databases, specify the SCAN name or one of the node names in this field.
   Port	Specify the port number for your database. The default port number for Oracle databases is 1521.
   Service Name	Specify the service name for the database. Typically, the service name is the same as the global database name. For Oracle RAC databases, specify the service name of one of the nodes in this field. For example: examplehost.exampledomain.com
   Username	Enter the user name for your database. The default user name is SYS.
   Password	Enter the password for your database user.
   Role	Select the database user's role from the drop-down list: Normal or SYSDBA

   Table 3-3 Connection Credentials for MySQL Databases

   Option	Description and Example
   Host Name	Specify the host name, IP address, or complete server name in host\server format of the server where your database is running.
   Port	Specify the port number for your database.
   Database Name	Specify the name of your database.
   Username	Specify the name of a user with administrator privileges.
   Password	Enter the password for your database user.

   Table 3-4 Connection Credentials for Microsoft SQL Server Databases

   Option	Description and Example
   Unicode Support	Select Yes or No from the drop-down list.
   Server Name	Specify the host name, IP address, or complete server name in host\server format of the server where your database is running. MSSQL named instances: A named instance is identified by the network name of the computer and the instance name that you specify during installation. The client must specify both the server name and the instance name when connecting.
   Port	Specify the port number for your database.
   Database Name	Specify the name of your database.
   Username	Specify the name of a user with administrator privileges.
   Password	Enter the password for your database user.

   Table 3-5 Connection Credentials for IBM DB2 Databases

   Option	Description and Example
   Server Name	Specify the host name, IP address, or complete server name in host\server format of the server where your database is running.
   Port	Specify the port number for your database.
   Database Name	Specify the name of your database.
   Username	Specify the name of a user with DB Owner privileges. The default user name for IBM DB2 databases is db2admin.
   Password	Enter the password for your database user.

   If the prerequisite check is successful, click OK to continue to the next screen. If the check fails, review the details you entered and try again.
8. On the Select Components screen, select Select existing prefix and select the prefix that was used to create the existing 11g schemas from the drop-down menu (for example, DEV11G). This prefix is used to logically group schemas together for use in this domain. Select the following schemas:
   1. Common Infrastructure Services Service Table (prefix_STB)
   2. WebLogic Services (prefix_WLS)
   3. User Messaging Service (prefix_UMS)

   Note:

   The Common Infrastructure Services (prefix_STB) and Oracle Platform Security Services (prefix_OPSS) schemas are selected by default if they have not yet been created.

   Make a note of the prefix and schema names for the components you are installing as you will need this information when you configure the installation. Click Next.
9. In the Checking Prerequisites dialog, verify that the prerequisites check is successful, then click OK.
10. On the Schema Passwords screen, specify the passwords for your schema owners.
    Make a note of the passwords you enter on this screen as you will need this information while configuring your product installation.
11. On the Map Tablespaces screen, configure the required tablespace mapping for the schemas you want to create.
    Click Next, then click OK in the confirmation dialog. When the progress dialog shows the tablespace creation is complete, click OK.
    You see the Encrypt Tablespace check box only if you have enabled Transparent Data Encryption (TDE) in the database (Oracle or Oracle EBR) when you start the RCU. Select the Encrypt Tablespace check box on the Map Tablespaces screen to encrypt all new tablespaces that the RCU creates.
12. Verify the information on the Summary screen and click Create to begin schema creation.
    This screen contains information about the log files that were created from this RCU operation. Click on the name of a particular log file to view the contents of that file.
13. Review the information on the Completion Summary screen to verify that the operation is completed successfully. Click Close to complete the schema creation.

Integrating Access Federation with BI Publisher

Update to the required or latest patches to seamlessly integrate and view Oracle Access Manager audit information on BI Publisher.

Complete the following tasks:

Task 1: Integrate Access Audit with OPSS Store [IAU Schema]

Apply the latest patch for Oracle Access Manager 12c (12.2.1.3.0) or upgrade to 12c (12.2.1.4).

Task 2: Integrate Access Audit with BI Publisher

For Oracle Platform Security Services (OPSS), apply patch 12.2.1.3.181016 or later.

Task 3: Intergrate Access Federation Audit

For Oracle Platform Security Services (OPSS), apply patch 12.2.1.3.201013 or later.

Running a Pre-Upgrade Readiness Check

To identify potential issues with the upgrade, Oracle recommends that you run a readiness check before you start the upgrade process. Be aware that the readiness check may not be able to discover all potential issues with your upgrade. An upgrade may still fail, even if the readiness check reports success.

• About Running a Pre-Upgrade Readiness Check
  You can run the Upgrade Assistant in -readiness mode to detect issues before you perform the actual upgrade. You can run the readiness check in GUI mode using the Upgrade Assistant or in silent mode using a response file.
• Starting the Upgrade Assistant in Readiness Mode
  Use the -readiness parameter to start the Upgrade Assistant in readiness mode.
• Performing a Readiness Check with the Upgrade Assistant
  Navigate through the screens in the Upgrade Assistant to complete the pre-upgrade readiness check.
• Understanding the Readiness Report
  After performing a readiness check for your domain, review the report to determine whether you need to take any action for a successful upgrade.
• OAM Configuration Upgrade Readiness Checks
  The Upgrade Assistant (UA), when run in the readiness mode, performs several configuration upgrade validation checks. Ensure that each of these validation checks are successful before you proceed with the upgrade process.

About Running a Pre-Upgrade Readiness Check

You can run the Upgrade Assistant in -readiness mode to detect issues before you perform the actual upgrade. You can run the readiness check in GUI mode using the Upgrade Assistant or in silent mode using a response file.

The Upgrade Assistant readiness check performs a read-only, pre-upgrade review of your Fusion Middleware schemas and WebLogic domain configurations that are at a supported starting point. The review is a read-only operation.

The readiness check generates a formatted, time-stamped readiness report so you can address potential issues before you attempt the actual upgrade. If no issues are detected, you can begin the upgrade process. Oracle recommends that you read this report thoroughly before performing an upgrade.

You can run the readiness check while your existing Oracle Fusion Middleware domain is online (while other users are actively using it) or offline.

You can run the readiness check any number of times before performing any actual upgrade. However, do not run the readiness check after an upgrade has been performed, as the report results may differ from the result of pre-upgrade readiness checks.

Note:

To prevent performance from being affected, Oracle recommends that you run the readiness check during off-peak hours.

Starting the Upgrade Assistant in Readiness Mode

Use the -readiness parameter to start the Upgrade Assistant in readiness mode.

To perform a readiness check on your pre-upgrade environment with the Upgrade Assistant:

1. Go to the oracle_common/upgrade/bin directory:
   • (UNIX) ORACLE_HOME/oracle_common/upgrade/bin
   • (Windows) ORACLE_HOME\oracle_common\upgrade\bin

   Where, ORACLE_HOME is the 12c Oracle Home.

2. Start the Upgrade Assistant.
   • (UNIX) ./ua -readiness
   • (Windows) ua.bat -readiness

   Note:

   If the DISPLAY environment variable is not set up properly to allow for GUI mode, you may encounter the following error:

   Xlib: connection to ":1.0" refused by server
   Xlib: No protocol specified 

   To resolve this issue you need to set the DISPLAY variable to the host and desktop where a valid X environment is working.

   For example, if you are running an X environment inside a VNC on the local host in desktop 6, then you would set DISPLAY=:6. If you are running X on a remote host on desktop 1 then you would set this to DISPLAY=remoteHost:1.

   For information about other parameters that you can specify on the command line, see:

• Upgrade Assistant Parameters
  

Upgrade Assistant Parameters

When you start the Upgrade Assistant from the command line, you can specify additional parameters.

Table 3-6 Upgrade Assistant Command-Line Parameters

Parameter	Required or Optional	Description
-readiness	Required for readiness checks Note: Readiness checks cannot be performed on standalone installations (those not managed by the WebLogic Server).	Performs the upgrade readiness check without performing an actual upgrade. Schemas and configurations are checked. Do not use this parameter if you have specified the -examine parameter.
-threads	Optional	Identifies the number of threads available for concurrent schema upgrades or readiness checks of the schemas. The value must be a positive integer in the range 1 to 8. The default is 4.
-response	Required for silent upgrades or silent readiness checks	Runs the Upgrade Assistant using inputs saved to a response file generated from the data that is entered when the Upgrade Assistant is run in GUI mode. Using this parameter runs the Upgrade Assistant in silent mode (without displaying Upgrade Assistant screens).
-examine	Optional	Performs the examine phase but does not perform an actual upgrade. Do not specify this parameter if you have specified the -readiness parameter.
-logLevel attribute	Optional	Sets the logging level, specifying one of the following attributes: TRACE NOTIFICATION WARNING ERROR INCIDENT_ERROR The default logging level is NOTIFICATION. Consider setting the -logLevel TRACE attribute to so that more information is logged. This is useful when troubleshooting a failed upgrade. The Upgrade Assistant's log files can become very large if -logLevel TRACE is used.
-logDir location	Optional	Sets the default location of upgrade log files and temporary files. You must specify an existing, writable directory where the Upgrade Assistant creates log files and temporary files. The default locations are: (UNIX) ORACLE_HOME/oracle_common/upgrade/logs ORACLE_HOME/oracle_common/upgrade/temp (Windows) ORACLE_HOME\oracle_common\upgrade\logs ORACLE_HOME\oracle_common\upgrade\temp
-help	Optional	Displays all of the command-line options.

Performing a Readiness Check with the Upgrade Assistant

Navigate through the screens in the Upgrade Assistant to complete the pre-upgrade readiness check.

Readiness checks are performed only on schemas or component configurations that are at a supported upgrade starting point.

To complete the readiness check:

1. On the Welcome screen, review information about the readiness check. Click Next.
2. On the Readiness Check Type screen, select the readiness check that you want to perform:
   • Individually Selected Schemas allows you to select individual schemas for review before upgrade. The readiness check reports whether a schema is supported for an upgrade or where an upgrade is needed.

     When you select this option, the screen name changes to Selected Schemas.

   • Domain Based allows the Upgrade Assistant to discover and select all upgrade-eligible schemas or component configurations in the domain specified in the Domain Directory field.

     When you select this option, the screen name changes to Schemas and Configuration.

     Leave the default selection if you want the Upgrade Assistant to check all schemas and component configurations at the same time, or select a specific option:

     • Include checks for all schemas to discover and review all components that have a schema available to upgrade.

     • Include checks for all configurations to review component configurations for a managed WebLogic Server domain.

   Click Next.

3. If you selected Individually Selected Schemas: On the Available Components screen, select the components that have a schema available to upgrade for which you want to perform a readiness check.
   If you selected Domain Based: On the Component List screen, review the list of components that are present in your domain for which you want to perform a readiness check.
   If you select a component that has dependent components, those components are automatically selected. For example, if you select Oracle Platform Security Services, Oracle Audit Services is automatically selected.

   Depending on the components you select, additional screens may display. For example, you may need to:

   • Specify the Administrator server domain directory.

     Ensure that you specify the 11.1.2.3.0 Administrator server domain directory.

   • Specify schema credentials to connect to the selected schema: Database Type, DBA User Name, and DBA Password. As part of the pre-upgrade requirements, you had created the required user, see Creating a Non-SYSDBA User to Run the Upgrade Assistant.

     Then click Connect.

     Note:

     Oracle database is the default database type. Make sure that you select the correct database type before you continue. If you discover that you selected the wrong database type, do not go back to this screen to change it to the correct type. Instead, close the Upgrade Assistant and restart the readiness check with the correct database type selected to ensure that the correct database type is applied to all schemas.

   • Select the Schema User Name option and specify the Schema Password.

   Click Next to start the readiness check.
4. On the Readiness Summary screen, review the summary of the readiness checks that will be performed based on your selections.
   If you want to save your selections to a response file to run the Upgrade Assistant again later in response (or silent) mode, click Save Response File and provide the location and name of the response file. A silent upgrade performs exactly the same function that the Upgrade Assistant performs, but you do not have to manually enter the data again.
   For a detailed report, click View Log.
   Click Next.
5. On the Readiness Check screen, review the status of the readiness check. The process can take several minutes.
   If you are checking multiple components, the progress of each component displays in its own progress bar in parallel.
   When the readiness check is complete, click Continue.
6. On the End of Readiness screen, review the results of the readiness check (Readiness Success or Readiness Failure):

   • If the readiness check is successful, click View Readiness Report to review the complete report. Oracle recommends that you review the Readiness Report before you perform the actual upgrade even when the readiness check is successful. Use the Find option to search for a particular word or phrase within the report. The report also indicates where the completed Readiness Check Report file is located.

   • If the readiness check encounters an issue or error, click View Log to review the log file, identify and correct the issues, and then restart the readiness check. The log file is managed by the command-line options you set.

Understanding the Readiness Report

After performing a readiness check for your domain, review the report to determine whether you need to take any action for a successful upgrade.

The format of the readiness report file is:

readiness_timestamp.txt

where timestamp indicates the date and time of when the readiness check was run.

A readiness report contains the following information:

Table 3-7 Readiness Report Elements

Report Information	Description	Required Action
Overall Readiness Status: SUCCESS or FAILURE	The top of the report indicates whether the readiness check passed or completed with one or more errors.	If the report completed with one or more errors, search for FAIL and correct the failing issues before attempting to upgrade. You can re-run the readiness check as many times as necessary before an upgrade.
Timestamp	The date and time that the report was generated.	No action required.
Log file location ORACLE_HOME/oracle_common/upgrade/logs	The directory location of the generated log file.	No action required.
Readiness report location ORACLE_HOME/oracle_common/upgrade/logs	The directory location of the generated readiness report.	No action required.
Names of components that were checked	The names and versions of the components included in the check and status.	If your domain includes components that cannot be upgraded to this release, such as SOA Core Extension, do not attempt an upgrade.
Names of schemas that were checked	The names and current versions of the schemas included in the check and status.	Review the version numbers of your schemas. If your domain includes schemas that cannot be upgraded to this release, do not attempt an upgrade.
Individual Object Test Status: FAIL	The readiness check test detected an issue with a specific object.	Do not upgrade until all failed issues have been resolved.
Individual Object Test Status: PASS	The readiness check test detected no issues for the specific object.	If your readiness check report shows only the PASS status, you can upgrade your environment. Note, however, that the Readiness Check cannot detect issues with externals such as hardware or connectivity during an upgrade. You should always monitor the progress of your upgrade.
Completed Readiness Check of <Object> Status: FAILURE	The readiness check detected one or more errors that must be resolved for a particular object such as a schema, an index, or datatype.	Do not upgrade until all failed issues have been resolved.
Completed Readiness Check of <Object> Status: SUCCESS	The readiness check test detected no issues.	No action required.

Here is a sample Readiness Report file. Your report may not include all of these checks.

Upgrade readiness check completed with one or more errors.

This readiness check report was created on Tue May 30 11:15:52 EDT 2016
Log file is located at: ORACLE_HOME/oracle_common/upgrade/logs/ua2016-05-30-11-14-06AM.log
Readiness Check Report File: ORACLE_HOME/oracle_common/upgrade/logs/readiness2016-05-30-11-15-52AM.txt

Starting readiness check of components.

Oracle Metadata Services
   Starting readiness check of Oracle Metadata Services.
     Schema User Name: DEV11_MDS
     Database Type: Oracle Database
     Database Connect String: machinename@yourcompany.com
     VERSION Schema DEV11_MDS is currently at version 12.1.1.1.0.  Readiness checks will now be performed.
   Starting schema test:  TEST_REQUIRED_TABLES  Test that the schema contains all the required tables
   Completed schema test: TEST_REQUIRED_TABLES --> Test that the schema contains all the required tables +++ PASS
   Starting schema test:  TEST_REQUIRED_PROCEDURES  Test that the schema contains all the required stored procedures
     EXCEPTION     Schema is missing a required procedure: GETREPOSITORYFEATURES
   Completed schema test: TEST_REQUIRED_PROCEDURES --> Test that the schema contains all the required stored procedures +++ FAIL
   Starting schema test:  TEST_REQUIRED_VIEWS  Test that the schema contains all the required database views
   Completed schema test: TEST_REQUIRED_VIEWS --> Test that the schema contains all the required database views +++ PASS
   Starting index test for table MDS_ATTRIBUTES:  TEST_REQUIRED_INDEXES --> Test that the table contains all the required indexes
   Completed index test for table MDS_ATTRIBUTES: TEST_REQUIRED_INDEXES --> Test that the table contains all the required indexes +++ PASS
   Starting index test for table MDS_COMPONENTS:  TEST_REQUIRED_INDEXES --> Test that the table contains all the required indexes
   Completed index test for table MDS_TXN_LOCKS: TEST_REQUIRED_INDEXES --> Test that the table contains all the required indexes +++ PASS
   Starting schema test:  TEST_REQUIRED_TRIGGERS  Test that the schema has all the required triggers
   Completed schema test: TEST_REQUIRED_TRIGGERS --> Test that the schema has all the required triggers +++ PASS
   Starting schema test:  TEST_MISSING_COLUMNS  Test that tables and views are not missing any required columns
   Completed schema test: TEST_MISSING_COLUMNS --> Test that tables and views are not missing any required columns +++ PASS
   Starting schema test:  TEST_UNEXPECTED_TABLES  Test that the schema does not contain any unexpected tables
   Completed schema test: TEST_UNEXPECTED_TABLES --> Test that the schema does not contain any unexpected tables +++ PASS
   Starting schema test:  TEST_UNEXPECTED_PROCEDURES  Test that the schema does not contain any unexpected stored procedures
   Completed schema test: TEST_UNEXPECTED_PROCEDURES --> Test that the schema does not contain any unexpected stored procedures +++ PASS
   Starting schema test:  TEST_UNEXPECTED_VIEWS  Test that the schema does not contain any unexpected views
   Completed schema test: TEST_UNEXPECTED_VIEWS --> Test that the schema does not contain any unexpected views +++ PASS
   Starting index test for table MDS_ATTRIBUTES:  TEST_UNEXPECTED_INDEXES --> Test that the table does not contain any unexpected indexes
   Completed index test for table MDS_ATTRIBUTES: TEST_UNEXPECTED_INDEXES --> Test that the table does not contain any unexpected indexes +++ PASS
   Completed index test for table MDS_LABELS: TEST_UNEXPECTED_INDEXES --> Test that the table does not contain any unexpected indexes +++ PASS
   Starting index test for table MDS_LARGE_ATTRIBUTES:  TEST_UNEXPECTED_INDEXES --> Test that the table does not contain any unexpected indexes
   Starting schema test:  TEST_UNEXPECTED_TRIGGERS  Test that the schema does not contain any unexpected triggers
   Completed schema test: TEST_UNEXPECTED_TRIGGERS --> Test that the schema does not contain any unexpected triggers +++ PASS
   Starting schema test:  TEST_UNEXPECTED_COLUMNS  Test that tables and views do not contain any unexpected columns
   Completed schema test: TEST_UNEXPECTED_COLUMNS --> Test that tables and views do not contain any unexpected columns +++ PASS
   Starting datatype test for table MDS_ATTRIBUTES:  TEST_COLUMN_DATATYPES_V2 --> Test that all table columns have the proper datatypes
   Completed datatype test for table MDS_ATTRIBUTES: TEST_COLUMN_DATATYPES_V2 --> Test that all table columns have the proper datatypes +++ PASS
   Starting datatype test for table MDS_COMPONENTS:  TEST_COLUMN_DATATYPES_V2 --> Test that all table columns have the proper datatypes
   Starting permissions test:  TEST_DBA_TABLE_GRANTS  Test that DBA user has privilege to view all user tables
   Completed permissions test: TEST_DBA_TABLE_GRANTS --> Test that DBA user has privilege to view all user tables +++ PASS
   Starting schema test:  TEST_ENOUGH_TABLESPACE  Test that the schema tablespaces automatically extend if full
   Completed schema test: TEST_ENOUGH_TABLESPACE --> Test that the schema tablespaces automatically extend if full +++ PASS
   Starting schema test:  TEST_USER_TABLESPACE_QUOTA  Test that tablespace quota for this user is sufficient to perform the upgrade
   Completed schema test: TEST_USER_TABLESPACE_QUOTA --> Test that tablespace quota for this user is sufficient to perform the upgrade +++ PASS
   Starting schema test:  TEST_ONLINE_TABLESPACE  Test that schema tablespaces are online
   Completed schema test: TEST_ONLINE_TABLESPACE --> Test that schema tablespaces are online +++ PASS
   Starting schema test:  TEST_DATABASE_VERSION  Test that the database server version number is supported for upgrade
     INFO   Database product version: Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
   Completed schema test: TEST_DATABASE_VERSION --> Test that the database server version number is supported for upgrade +++ PASS
   Finished readiness check of Oracle Metadata Services with status: FAILURE.

If you are running the 12.1.3.0 version of Oracle Fusion Middleware IAU Schemas, and those schemas were upgraded from 11g (11.1.1.7 and later) or 12c (12.1.2.0), your readiness check may fail with the following error:

Starting index test for table IAU_COMMON:  TEST_REQUIRED_INDEXES --> Test 
that the table contains all the required indexes 
     INFO Audit schema index DYN_EVENT_CATEGORY_INDEX in table IAU_COMMON is 
missing the required columns or index itself is missing. This maybe caused by 
a known issue, anyway, this missing index will be added in 12.2.2 upgrade. 
     INFO Audit schema index DYN_EVENT_TYPE_INDEX in table IAU_COMMON is 
missing the required columns or index itself is missing. This maybe caused by 
a known issue, anyway, this missing index will be added in 12.2.2 upgrade. 
     INFO Audit schema index DYN_TENANT_INDEX in table IAU_COMMON is missing 
the required columns or index itself is missing. This maybe caused by a known 
issue, anyway, this missing index will be added in 12.2.2 upgrade. 
     INFO Audit schema index DYN_USER_INDEX in table IAU_COMMON is missing 
the required columns or index itself is missing. This maybe caused by a known 
issue, anyway, this missing index will be added in 12.2.2 upgrade. 
     INFO Audit schema index DYN_COMPONENT_TYPE_INDEX in table IAU_COMMON is 
missing the required columns or index itself is missing. This maybe caused by 
a known issue, anyway, this missing index will be added in 12.2.2 upgrade. 
     INFO Audit schema index DYN_USER_TENANT_INDEX in table IAU_COMMON is 
missing the required columns or index itself is missing. This maybe caused by 
a known issue, anyway, this missing index will be added in 12.2.2 upgrade. 
   Completed index test for table IAU_COMMON: TEST_REQUIRED_INDEXES --> Test 
that the table contains all the required indexes +++ FAIL

Note:

You can ignore the missing index error in the readiness report. This is a known issue. The corresponding missing index is added during the schema upgrade operation. This error does not occur if the schema to be upgraded was created in 12c using the RCU.

OAM Configuration Upgrade Readiness Checks

The Upgrade Assistant (UA), when run in the readiness mode, performs several configuration upgrade validation checks. Ensure that each of these validation checks are successful before you proceed with the upgrade process.

Note:

For UA to perform the config upgrade readiness checks described below, ensure that you apply the latest bundle patch that contains the fix for Bug 32081498.

The UA performs the following validation checks:

• Validation of the OPSS and OAM Keystores (Check Name: OAM_OPSS_KEYSTORE_CHECK)

  The UA extracts the Credential Store Framework (CSF) key from both the OPSS keystore and the OAM keystore and compares them. If either of these keystores is corrupted, the read operation fails and consequently, the readiness check also fails. If the CSF keys are read successfully, they must be identical. Otherwise, the readiness check fails.

  Reasons for the readiness check failure and suggestions to resolve them:

  • If the readiness check fails because the jks key or the keystore-csf-key is not present in the CSF (the OAM keystore validation fails), modify or add the keystore password. See Doc ID 2710662.1 or Doc ID 2642638.1.
  • If the readiness check fails because the values of the jks key and the keystore-csf-key are not equal, correct the keystore-csf-key value to be same as the jks key value. See Doc ID 2710664.1 or Doc ID 2642638.1.
  • If the readiness check fails because the OAM keystore file (.oamkeystore) is not present, restore the file from a backup, and then restart the OAM administration server and the managed server to re-create the .oamkeystore file. See Doc ID 2710664.1.
  • If the readiness check fails to decrypt sslGlobalPassphrase, which is present in the oam-config.xml file, see Doc ID 2710716.1.
• Validation of OAM Configuration Version Consistency (Check Name: OAM_CONFIG_VERSION_CHECK)

  The UA verifies that the OAM configuration version that is set in the oam-config.xml file system is consistent with the version set in the database. The UA extracts the schema credentials and database connection details to fetch the oam-config version from the database. It then reads the version of oam-config.xml in the file system and compares the version with the oam-config version it fetched from the database. If the two versions match, the readiness check succeeds; otherwise, it fails.

  The version mismatch occurs when OAM uses the incorrect datasource name. Configure the correct OAM datasource to resolve the issue. See Doc ID 2492188.1.

• Validation of the Default Keystore File (Check Name: OAM_DEFAULT_KEYSTORE_CHECK)

  The UA checks the existence and validity of the default keystore file, default-keystore.jks. If the file is not present before the upgrade, readiness check fails. Restart the OAM server to generate the default-keystore.jks file.

  If the file exists, but fails to open using the CSF key, it is considered as invalid. The invalid file causes the readiness check to fail. This failure is shown as a failure to decrypt sslGlobalPassphrase, which is present in oam-config.xml.

  The invalid default-keystore.jks file may be due to the corrupt OAM key (oamKey). To resolve this issue, take a backup of the .oamkeystore file, remove it from <domain_home>/config/fmwconfig, restore the file from a backup, and then restart the OAM administration server and the managed server to re-create the .oamkeystore file. See Doc ID 2710664.1.

• Check for the Existence of Unsupported Agents (Check Name: OBSOLETE_AGENT_CHECK)
  The UA checks the existence of the following agents in the environment:

  • 10g OSSO agent
  • OpenSSO agent
  • OAM 10g WebGate agent
  • Coexistence agent

  If any of these agents exist, the readiness check requirement is not met. For a description of the unsupported agents, see Features Not Supported in Access Manager 12.2.1.3.0 in Release Notes for Oracle Identity Management.

  Remove the unsupported agents before you start the upgrade.

• Validation of the Coherence Keystore (Check Name: COHERENCE_KEYSTORE_CHECK)

  The UA extracts the CSF key from the keystore and loads the Coherence keystore. It then checks the presence of the key alias admin and the certificate alias assertion-cert in the Coherence keystore. Both the key values must be present in the keystore. This readiness check succeeds if the Coherence keystore is loaded properly and both the keys are present in it. Otherwise, the check fails.

  If the check fails, create the missing keys and values in the Coherence keystore, and then validate the keystore. See Doc ID 1986560.1.

Here is a sample Readiness Report file. This report shows the portion relevant to OAM schema and configuration upgrade readiness checks:

Upgrade readiness check completed with one or more errors.
 
This readiness check report was created on Wed Sep 16 15:50:33 PDT 2020
Log file is located at: /scratch/idmqa/tmp/ua2020-09-16-15-40-18PM.log
Readiness Check Report File: /scratch/idmqa/tmp/readiness2020-09-16-15-50-33PM.txt
Domain Directory: /scratch/idmqa/work/mw35/user_projects/domains/WLS_IDM
 
Starting readiness check of components.
 
...
 
Oracle Access Management Suite (Schema Upgrade)
   Starting readiness check of Oracle Access Management Suite.
     Schema User Name: UPG_OAM
     Database Type: Oracle Database
     Database Connect String: slc11ykm.us.oracle.com:1521:db6844
   Starting schema test:  TEST_DATABASE_VERSION  Test that the database server version number is supported for upgrade
     INFO   Database product version: Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
   Completed schema test: TEST_DATABASE_VERSION --> Test that the database server version number is supported for upgrade +++ PASS
   Starting schema test:  OAM_CONFIG_VERSION_CHECK  Test to check OAM Config version in Database and XML file are equal or not
     INFO OAM Config version from Database: 105
     INFO OAM Config version from XML: 105
     INFO OAM Config version in Database and oam-config.xml are equal
   Completed schema test: OAM_CONFIG_VERSION_CHECK --> Test to check OAM Config version in Database and XML file are equal or not +++ PASS
   Finished readiness check of Oracle Access Management Suite with status: SUCCESS.
 
...
 
Oracle Access Management Suite (Config Upgrade)
   Starting readiness check of Oracle Access Management Suite.
   Starting config test:  CUSTOM_AUTH_PROVIDER_CHECK  Check that custom auth provider exist.
   Completed config test: CUSTOM_AUTH_PROVIDER_CHECK --> Check that custom auth provider exist. +++ PASS
   Starting config test:  SOURCE_CONFIG_CHECK  Test that OAM System configuration is valid.
   Completed config test: SOURCE_CONFIG_CHECK --> Test that OAM System configuration is valid. +++ PASS
   Starting config test:  OAM_OPSS_KEYSTORE_CHECK.  Test that OAM and OPSS keys are valid.
   Completed config test: OAM_OPSS_KEYSTORE_CHECK. --> Test that OAM and OPSS keys are valid. +++ PASS
   Starting config test:  OAM_DEFAULT_KEYSTORE_CHECK  Check that the default keystore is present and valid
     INFO Checking default keystore file: /scratch/idmqa/work/mw35/user_projects/domains/WLS_IDM/config/fmwconfig//default-keystore.jks
     INFO Default keystore file exists and is valid
   Completed config test: OAM_DEFAULT_KEYSTORE_CHECK --> Check that the default keystore is present and valid +++ PASS
   Starting config test:  POLICY_PROVIDER_CHECK  Check that policy provider is valid
   Completed config test: POLICY_PROVIDER_CHECK --> Check that policy provider is valid +++ PASS
   Starting config test:  OBSOLETE_AGENT_CHECK  Check that no obsolete agent exist in oam-config.xml.
     INFO OAM agent co-existence setting is disabled.
     INFO No OpenSSO agent instance exist.
     INFO No OSSO agent instance exist.
     WARNING Please remove following 10G webgate agent before upgrade: IAMSuiteAgent.
   Completed config test: OBSOLETE_AGENT_CHECK --> Check that no obsolete agent exist in oam-config.xml. +++ FAIL
   Finished readiness check of Oracle Access Management Suite with status: FAILURE.
 
...
 
Finished readiness check of components.

Stopping Servers and Processes

Before you run the Upgrade Assistant to upgrade your schemas and configurations, you must shut down all of the pre-upgrade processes and servers, including the Administration Server, Node manager, and any managed servers.

An Oracle Fusion Middleware environment can consist of an Oracle WebLogic Server domain, an Administration Server, multiple managed servers, Java components, system components such as Identity Management components, and a database used as a repository for metadata. The components may be dependent on each other, so they must be stopped in the correct order.

Note:

The procedures in this section describe how to stop the existing, pre-upgrade servers and processes using the WLST command-line utility or a script. You can also use the Oracle Fusion Middleware Control and the Oracle WebLogic Server Administration Console. See Starting and Stopping Administration and Managed Servers and Node Manager.

Note:

Stop all of the servers in your deployment, except for the Database. The Database must be up during the upgrade process.

To stop your pre-upgrade Fusion Middleware environment, navigate to the pre-upgrade domain and follow the steps below.

Step 1: Stop System Components

To stop 11g system components, such as Oracle HTTP Server, use the opmnctl script:

Note:

If the Oracle HTTP server is shared with other services, then you can choose not to stop the Oracle HTTP server.

• (UNIX) OHS_INSTANCE_HOME/bin/opmnctl stopall

• (Windows) OHS_INSTANCE_HOME\bin\opmnctl stopall

You can stop system components in any order.

Step 2: Stop the Managed Servers

Depending on the method you followed to start the managed servers, follow one of the following methods to stop the WebLogic Managed Server:

Method 1: To stop a WebLogic Server Managed Server not managed by Node Manager:

• (UNIX) DOMAIN_HOME/bin/stopManagedWebLogic.sh managed_server_name admin_url

• (Windows) DOMAIN_HOME\bin\stopManagedWebLogic.cmd managed_server_name admin_url

When prompted, enter your user name and password.

Method 2: To stop a WebLogic Server Managed Server by using the Weblogic Console:

• Log into Weblogic console as a weblogic Admin.
• Go to Servers > Control tab.
• Select the required managed server.
• Click Shutdown.

Method 3: To stop a WebLogic Server Managed Server using node manager, run the following commands:

wls:/offline>nmConnect('nodemanager_username','nodemanager_password',
            'AdminServerHostName','5556','domain_name',
            'DOMAIN_HOME')

wls:/offline>nmKill('ManagedServerName')

Step 3: Stop the Administration Server

When you stop the Administration Server, you also stop the processes running in the Administration Server, including the WebLogic Server Administration Console and Fusion Middleware Control.

Follow one of the following methods to stop the Administration Server:

Method 1: To stop the Administration Server not managed by Node Manager:

• (UNIX) DOMAIN_HOME/bin/stopWebLogic.sh

• (Windows) DOMAIN_HOME\bin\stopWebLogic.cmd

When prompted, enter your user name, password, and the URL of the Administration Server.

Method 2: To stop a Administration Server by using the Weblogic Console:

• Log into Weblogic console as a weblogic Admin.
• Go to Servers > Control tab.
• Select the required admin server.
• Click Shutdown.

Method 3: To stop a WebLogic Server Managed Server using node manager, run the following commands:

wls:/offline>nmConnect('nodemanager_username','nodemanager_password',
            'AdminServerHostName','5556','domain_name',
            'DOMAIN_HOME')

wls:/offline>nmKill('AdminServer')

Step 4: Stop Node Manager

To stop Node Manager, run the following command:

kill $(ps -ef | grep nodemanager | awk '{print $2}')

Upgrading Product Schemas

After stopping servers and processes, use the Upgrade Assistant to upgrade supported product schemas to the current release of Oracle Fusion Middleware.

The Upgrade Assistant allows you to upgrade individually selected schemas or all schemas associated with a domain. The option you select determines which Upgrade Assistant screens you will use.

• Identifying Existing Schemas Available for Upgrade
  This optional task enables you to review the list of available schemas before you begin the upgrade by querying the schema version registry. The registry contains schema information such as version number, component name and ID, date of creation and modification, and custom prefix.
• Starting the Upgrade Assistant
  Run the Upgrade Assistant to upgrade product schemas, domain component configurations, or standalone system components to 12c (12.2.1.3.0). Oracle recommends that you run the Upgrade Assistant as a non-SYSDBA user, completing the upgrade for one domain at a time.
• Upgrading Oracle Access Manager Schemas Using the Upgrade Assistant
  Navigate through the screens in the Upgrade Assistant to upgrade the product schemas.
• Verifying the Schema Upgrade
  After completing all the upgrade steps, verify that the upgrade was successful by checking that the schema version in schema_version_registry has been properly updated.

Identifying Existing Schemas Available for Upgrade

This optional task enables you to review the list of available schemas before you begin the upgrade by querying the schema version registry. The registry contains schema information such as version number, component name and ID, date of creation and modification, and custom prefix.

You can let the Upgrade Assistant upgrade all of the schemas in the domain, or you can select individual schemas to upgrade. To help decide, follow these steps to view a list of all the schemas that are available for an upgrade:

1. If you are using an Oracle database, connect to the database by using an acount that has Oracle DBA privileges, and run the following from SQL*Plus:

   SET LINE 120
   COLUMN MRC_NAME FORMAT A14
   COLUMN COMP_ID FORMAT A20
   COLUMN VERSION FORMAT A12
   COLUMN STATUS FORMAT A9
   COLUMN UPGRADED FORMAT A8
   SELECT MRC_NAME, COMP_ID, OWNER, VERSION, STATUS, UPGRADED FROM SCHEMA_VERSION_REGISTRY ORDER BY MRC_NAME, COMP_ID;
   

2. Examine the report that is generated.

   If an upgrade is not needed for a schema, the schema_version_registry table retains the schema at its pre-upgrade version.

3. Note the schema prefix name that was used for your existing schemas. You will use the same prefix when you create new 12c schemas.

Notes:

• If you used an OID-based policy store in 11g, make sure to create a new OPSS schema before you perform the upgrade. After the upgrade, the OPSS schema remains an LDAP-based store.

• You can only upgrade schemas for products that are available for upgrade in Oracle Fusion Middleware release 12c (12.2.1.3.0). Do not attempt to upgrade a domain that includes components that are not yet available for upgrade to 12c (12.2.1.3.0).

Starting the Upgrade Assistant

Run the Upgrade Assistant to upgrade product schemas, domain component configurations, or standalone system components to 12c (12.2.1.3.0). Oracle recommends that you run the Upgrade Assistant as a non-SYSDBA user, completing the upgrade for one domain at a time.

To start the Upgrade Assistant:

Note:

Before you start the Upgrade Assistant, make sure that the JVM character encoding is set to UTF-8 for the platform on which the Upgrade Assistant is running. If the character encoding is not set to UTF-8, then you will not be able to download files containing Unicode characters in their names. This can cause the upgrade to fail.

To ensure that UTF-8 is used by the JVM, use the JVM option -Dfile.encoding=UTF-8.

1. Go to the oracle_common/upgrade/bin directory:
   • (UNIX) ORACLE_HOME/oracle_common/upgrade/bin
   • (Windows) ORACLE_HOME\oracle_common\upgrade\bin
2. Start the Upgrade Assistant:
   • (UNIX) ./ua
   • (Windows) ua.bat

Note:

In the above command, ORACLE_HOME refers to the 12c (12.2.1.3.0) Oracle Home.

For information about other parameters that you can specify on the command line, such as logging parameters, see:

• Upgrade Assistant Parameters
  

Upgrade Assistant Parameters

When you start the Upgrade Assistant from the command line, you can specify additional parameters.

Table 3-8 Upgrade Assistant Command-Line Parameters

Parameter	Required or Optional	Description
-readiness	Required for readiness checks Note: Readiness checks cannot be performed on standalone installations (those not managed by the WebLogic Server).	Performs the upgrade readiness check without performing an actual upgrade. Schemas and configurations are checked. Do not use this parameter if you have specified the -examine parameter.
-threads	Optional	Identifies the number of threads available for concurrent schema upgrades or readiness checks of the schemas. The value must be a positive integer in the range 1 to 8. The default is 4.
-response	Required for silent upgrades or silent readiness checks	Runs the Upgrade Assistant using inputs saved to a response file generated from the data that is entered when the Upgrade Assistant is run in GUI mode. Using this parameter runs the Upgrade Assistant in silent mode (without displaying Upgrade Assistant screens).
-examine	Optional	Performs the examine phase but does not perform an actual upgrade. Do not specify this parameter if you have specified the -readiness parameter.
-logLevel attribute	Optional	Sets the logging level, specifying one of the following attributes: TRACE NOTIFICATION WARNING ERROR INCIDENT_ERROR The default logging level is NOTIFICATION. Consider setting the -logLevel TRACE attribute to so that more information is logged. This is useful when troubleshooting a failed upgrade. The Upgrade Assistant's log files can become very large if -logLevel TRACE is used.
-logDir location	Optional	Sets the default location of upgrade log files and temporary files. You must specify an existing, writable directory where the Upgrade Assistant creates log files and temporary files. The default locations are: (UNIX) ORACLE_HOME/oracle_common/upgrade/logs ORACLE_HOME/oracle_common/upgrade/temp (Windows) ORACLE_HOME\oracle_common\upgrade\logs ORACLE_HOME\oracle_common\upgrade\temp
-help	Optional	Displays all of the command-line options.

Upgrading Oracle Access Manager Schemas Using the Upgrade Assistant

Navigate through the screens in the Upgrade Assistant to upgrade the product schemas.

Caution:

You can skip this step if you have already upgraded your schemas using RCU.

Note:

• If the pre-upgrade environment has Audit schema (IAU), you must first upgrade Audit schema only, using the Individually Selected Schema option on the Selected Schemas screen, and selecting Oracle Audit Services schema. Ensure that you select the appropriate IAU schema from the list of available IAU schemas. The upgrade assistant will not detect the corresponding IAU schema from the provided domain directory automatically. Hence, you must select it manually. Once the IAU schema is upgraded, run the Upgrade Assistant again to upgrade the remaining schemas using the All Schema Used by a domain option on the Selected Schemas screen.

• If there is no Audit schema (IAU) in your pre-upgrade environment, use the All Schema Used by a Domain option on the Selected Schemas screen and proceed.

• To check whether the pre-upgrade environment has the IAU schema, run the following SQL command using the user with sysdba privileges:

  select username from dba_users where username like '%IAU%';

  This command lists the IAU schemas available in your configured database.

To upgrade product schemas with the Upgrade Assistant:

1. On the Welcome screen, review an introduction to the Upgrade Assistant and information about important pre-upgrade tasks. Click Next.

   Note:

   For more information about any Upgrade Assistant screen, click Help on the screen.
2. On the Selected Schemas screen, select the schema upgrade operation that you want to perform:
   • Individually Selected Schemas if you want to select individual schemas for upgrade and you do not want to upgrade all of the schemas used by the domain.

     Caution:

     Upgrade only those schemas that are used to support your 12c (12.2.1.3.0) components. Do not upgrade schemas that are currently being used to support components that are not included in Oracle Fusion Middleware 12c (12.2.1.3.0).
   • All Schemas Used by a Domain to allow the Upgrade Assistant to discover and select all components that have a schema available to upgrade in the domain specified in the Domain Directory field. This is also known as a domain assisted schema upgrade. Additionally, the Upgrade Assistant pre-populates connection information on the schema input screens.

     Note:

     Oracle recommends that you select All Schemas Used by a Domain for most upgrades to ensure all of the required schemas are included in the upgrade.

   Note:

   If your 11g domain contains Oracle Identity Navigator, choose Individually Selected Schemas and select only the Oracle Access Manager (OAM) and the OAM-related schemas.

   Do not select Oracle Identity Navigator (OIN) and OIN-related schemas, as Oracle Identity Navigator is not supported in 12c.

   Click Next.

3. If you selected Individually Selected Schemas: On the Available Components screen, select the components for which you want to upgrade schemas. When you select a component, the schemas and any dependencies are automatically selected.

   If you selected All schemas used by a domain: On the Create Schema screen, enter the necessary Database details. This retrieves all of the schemas in the domain.

   Click Next.

4. On the Prerequisites screen, acknowledge that the prerequisites have been met by selecting all the check boxes. Click Next.

   Note:

   The Upgrade Assistant does not verify whether the prerequisites have been met.
5. On the Schema Credentials screen(s), specify the database connection details for each schema you are upgrading (the screen name changes based on the schema selected):

   • Select the database type from the Database Type drop-down menu.

   • Enter the database connection details, and click Connect.

   • Select the schema you want to upgrade from the Schema User Name drop-down menu, and then enter the password for the schema. Be sure to use the correct schema prefix for the schemas you are upgrading.

     Note:

     The component ID or schema name is changed for UCSUMS schema as of release 12.1.2, which means the Upgrade Assistant does not automatically recognize the possible schemas and display them in a drop-down list. You must manually enter the name in a text field. The name can be either prefix_ORASDPM or prefix_UMS, depending on the starting point for the upgrade.

     The UCSUMS schema is not auto-populated. Enter prefix_ORASDPM as the user. The upgrade environment uses _ORASDPM as the schema name, whereas in the 12c environment it is referred to as _UMS.

6. On the Examine screen, review the status of the Upgrade Assistant as it examines each schema, verifying that the schema is ready for upgrade. If the status is Examine finished, click Next.
   If the examine phase fails, Oracle recommends that you cancel the upgrade by clicking No in the Examination Failure dialog. Click View Log to see what caused the error and refer to Troubleshooting Your Upgrade in Upgrading with the Upgrade Assistant for information on resolving common upgrade errors.

   Note:

   • If you resolve any issues detected during the examine phase without proceeding with the upgrade, you can start the Upgrade Assistant again without restoring from backup. However, if you proceed by clicking Yes in the Examination Failure dialog box, you need to restore your pre-upgrade environment from backup before starting the Upgrade Assistant again.

   • Canceling the examination process has no effect on the schemas or configuration data; the only consequence is that the information the Upgrade Assistant has collected must be collected again in a future upgrade session.

7. On the Upgrade Summary screen, review the summary of the options you have selected for schema upgrade.
   Verify that the correct Source and Target Versions are listed for each schema you intend to upgrade.
   If you want to save these options to a response file to run the Upgrade Assistant again later in response (or silent) mode, click Save Response File and provide the location and name of the response file. A silent upgrade performs exactly the same function that the Upgrade Assistant performs, but you do not have to manually enter the data again.
   Click Upgrade to start the upgrade process.
8. On the Upgrade Progress screen, monitor the status of the upgrade.

   Caution:

   Allow the Upgrade Assistant enough time to perform the upgrade. Do not cancel the upgrade operation unless absolutely necessary. Doing so may result in an unstable environment.
   If any schemas are not upgraded successfully, refer to the Upgrade Assistant log files for more information.

   Note:

   The progress bar on this screen displays the progress of the current upgrade procedure. It does not indicate the time remaining for the upgrade.

   Click Next.

9. If the upgrade is successful: On the Upgrade Success screen, click Close to complete the upgrade and close the wizard.

   If the upgrade fails: On the Upgrade Failure screen, click View Log to view and troubleshoot the errors. The logs are available at ORACLE_HOME/oracle_common/upgrade/logs.

   Note:

   If the upgrade fails, you must restore your pre-upgrade environment from backup, fix the issues, then restart the Upgrade Assistant.

Verifying the Schema Upgrade

After completing all the upgrade steps, verify that the upgrade was successful by checking that the schema version in schema_version_registry has been properly updated.

If you are using an Oracle database, connect to the database as a user having Oracle DBA privileges, and run the following from SQL*Plus to get the current version numbers:

SET LINE 120
COLUMN MRC_NAME FORMAT A14
COLUMN COMP_ID FORMAT A20
COLUMN VERSION FORMAT A12
COLUMN STATUS FORMAT A9
COLUMN UPGRADED FORMAT A8
SELECT MRC_NAME, COMP_ID, OWNER, VERSION, STATUS, UPGRADED FROM SCHEMA_VERSION_REGISTRY ORDER BY MRC_NAME, COMP_ID ;

In the query result:

• Check that the number in the VERSION column matches the latest version number for that schema. For example, verify that the schema version number is 12.2.1.3.0.

  Note:

  However, that not all schema versions will be updated. Some schemas do not require an upgrade to this release and will retain their pre-upgrade version number.

• The STATUS field will be either UPGRADING or UPGRADED during the schema patching operation, and will become VALID when the operation is completed.

• If the status appears as INVALID, the schema update failed. You should examine the logs files to determine the reason for the failure.

• Synonym objects owned by IAU_APPEND and IAU_VIEWER will appear as INVALID, but that does not indicate a failure.

  They become invalid because the target object changes after the creation of the synonym. The synonyms objects will become valid when they are accessed. You can safely ignore these INVALID objects.

Note:

Undo any non-SSL port changes and any non-SYSDBA user that you made when preparing for the upgrade.

About Reconfiguring the Domain

Run the Reconfiguration Wizard to reconfigure your domain component configurations to 12c (12.2.1.3.0).

When you reconfigure a WebLogic Server domain, the following items are automatically updated, depending on the applications in the domain:

• WebLogic Server core infrastructure

• Domain version

Note:

Before you begin the domain reconfiguration, note the following limitations:

• The Reconfiguration Wizard does not update any of your own applications that are included in the domain.

• Transforming a non-dynamic cluster domain to a dynamic cluster domain during the upgrade process is not supported.

  The dynamic cluster feature is available when running the Reconfiguration Wizard, but Oracle only supports upgrading a non-dynamic cluster upgrade and then adding dynamic clusters. You cannot add dynamic cluster during the upgrade process.

Specifically, when you reconfigure a domain, the following occurs:

• The domain version number in the config.xml file for the domain is updated to the Administration Server's installed WebLogic Server version.

• Reconfiguration templates for all installed Oracle products are automatically selected and applied to the domain. These templates define any reconfiguration tasks that are required to make the WebLogic domain compatible with the current WebLogic Server version.

• Start scripts are updated.

  If you want to preserve your modified start scripts, be sure to back them up before starting the Reconfiguration Wizard.

Note:

When the domain reconfiguration process starts, you can’t undo the changes that it makes. Before running the Reconfiguration Wizard, ensure that you have backed up the domain as covered in the pre-upgrade checklist. If an error or other interruption occurs while running the Reconfiguration Wizard, you must restore the domain by copying the files and directories from the backup location to the original domain directory. This is the only way to ensure that the domain has been returned to its original state before reconfiguration.

Follow these instructions to reconfigure the existing domain using the Reconfiguration Wizard. See Reconfiguring WebLogic Domains in Upgrading Oracle WebLogic Server.

• Backing Up the Domain
  
• Starting the Reconfiguration Wizard
  
• Reconfiguring the Oracle Access Manager Domain
  Navigate through the screens in the Reconfiguration Wizard to reconfigure your existing 11g domain.

Backing Up the Domain

Before running the Reconfiguration Wizard, create a backup copy of the domain directory.

To create a backup of the Administration server domain directory:

1. Copy the source domain to a separate location to preserve the contents.

   (Windows) copy /home/Oracle/config/domains to /home/Oracle/config/domains_backup.

   (UNIX) cp -rf domains domains_backup

2. For HA environments, before updating the domain on each remote Managed Server, create a backup copy of the domain directory on each remote machine.
3. Verify that the backed up versions of the domain are complete.

If domain reconfiguration fails for any reason, you must restore all files and directories from the backup directory into the original domain directory to ensure that the domain is returned entirely to its original state before reconfiguration.

Starting the Reconfiguration Wizard

Note:

Shut down the administration server and all collocated managed servers before starting the reconfiguration process. See Stopping Servers and Processes.

To start the Reconfiguration Wizard in graphical mode:

1. Open the command shell (on UNIX operating systems) or open a command prompt window (on Windows operating systems).
2. Edition Based Database Users Only: If your schemas are configured with EBR database, a default edition name must be manually supplied before you run the Reconfiguration Wizard.
   Run the following SQL command to set the default edition:

   ALTER DATABASE DEFAULT EDITION = edition_name;

   where edition_name is the child edition name.

3. Go to the oracle_common/common/bin directory:
   • (UNIX) ORACLE_HOME/oracle_common/common/bin
   • (Windows) ORACLE_HOME\oracle_common\commom\bin

   Where, ORACLE_HOME is the 12c Oracle Home.

4. Start the Reconfiguration Wizard:
   The ./reconfig.sh command, might display the following error to indicate that the default cache directory is not valid:

   *sys-package-mgr*: can't create package cache dir
   

   So, first, change the cache directory by setting the environment variable CONFIG_JVM_ARGS.

   For example: CONFIG_JVM_ARGS=-Dpython.cachedir=valid_directory

   Start the Reconfiguration Wizard with the following logging options:

   • (UNIX) ./reconfig.sh -log=log_file -log_priority=ALL
   • (Windows) reconfig.cmd -log=log_file -log_priority=ALL

   where log_file is the absolute path of the log file you'd like to create for the domain reconfiguration session. This can be helpful if you need to troubleshoot the reconfiguration process.

   The parameter -log_priority=ALL ensures that logs are logged in fine mode.

Reconfiguring the Oracle Access Manager Domain

Navigate through the screens in the Reconfiguration Wizard to reconfigure your existing 11g domain.

Note:

If the source is a clustered environment, run the Reconfiguration Wizard on the primary node only. Where, primary node is the Administration Server. Use the pack/unpack utility to apply the changes to other cluster members in the domain.

To reconfigure the domain with the Reconfiguration Wizard:

1. On the Select Domain screen, specify the location of the domain you want to upgrade or click Browse to navigate and select the domain directory. Click Next.
2. On the Reconfiguration Setup Progress screen, view the progress of the setup process. When complete, click Next.
   During this process:

   • The reconfiguration templates for your installed products, including Fusion Middleware products, are automatically applied. This updates various domain configuration files such as config.xml, config-groups.xml, and security.xml (among others).

   • Schemas, scripts, and other such files that support your Fusion Middleware products are updated.

   • The domain upgrade is validated.

3. On the Domain Mode and JDK screen, select the JDK to use in the domain or click Browse to navigate to the JDK you want to use. The supported JDK version for 12c (12.2.1.3.0) is 1.8.0_131 and later. Click Next.

   Note:

   You cannot change the Domain Mode at this stage.
   For a list of JDKs that are supported for a specific platform, see Oracle Fusion Middleware Supported System Configurations.
4. On the Database Configuration Type screen, select RCU Data to connect to the Server Table (_STB) schema.
   Enter the database connection details using the RCU service table (_STB) schema credentials and click Get RCU Configuration.
   The Reconfiguration Wizard uses this connection to automatically configure the data sources required for components in your domain.

   Note:

   By default Oracle’s Driver (Thin) for Service connections; Versions: Any is the selected driver. If you specified an instance name in your connection details — instead of the service name — you must select Oracle’s Driver (Thin) for pooled instance connections; Versions: Any If you do not change the driver type, then the connection will fail.

   For information about selecting grid link for RAC databases in HA environments, see Access Manager High Availability Architecture.

   Note:

   For any existing 11g datasource, the reconfiguration will preserve the existing values. For new datasources where the schema was created for 12c by the RCU, the default connection data will be retrieved from the _STB schema. If no connection data for a given schema is found in the _STB schema, then the default connection data is used.
   If the check is successful, click Next. If the check fails, reenter the connection details correctly and try again.

   Note:

   If your database has _OPSS or _IAU 11g database schemas, you must manually enter database connection details for those schemas. These schemas were not required in 11g and had to be created manually. Users could assign any name to these schemas, therefore the Reconfiguration Wizard does not recognize them. When providing connection information for _IAU, use the IAU_APPEND user information.
5. On the JDBC Component Schema screen, verify that the DBMS/Service and the Host name is correct for the following component schemas:
   • OPSS Audit schema
   • OPSS Audit viewer schema
   • OPSS schema

   If you are connecting to a RAC database, select each of the schemas you want to update and click Convert to Grid Link. Click Next to update the Service Name, Schema Password, SCAN, Hostname/Port, ONS Host/Port.

   Click Next.

6. On the JDBC Component Schema Test screen, select all the component schemas and click Test Selected Connections to test the connection for each schema. The result of the test is indicated in the Status column.
   When the check is complete, click Next.
7. On the Node Manager screen, select the appropriate Node Manager Type based on your requirements, specify the details, and click Next.

   Note:

   There are two types of node managers. It is recommend to use the domain-based node manager, so that, you can have different versions of the node manager for each domain.
8. On the Advanced Configuration screen, select Administration Server, Topology, and Deployments and Services. Select Domain Frontend Host Capture if required.
   For each of the categories you select, the appropriate configuration screen is displayed to allow you to perform advanced configuration.

   Note:

   Ensure that you assign oam_server1 or the OAM managed server name used to the server group OAM-MDG-SVRS, and oam_policy_mgr1 to the server group OAM-POLICY-MANAGED-SERVER.
9. On the Configuration Summary screen, review the detailed configuration settings of the domain before continuing.
   You can limit the items that are displayed in the right-most panel by selecting a filter option from the View drop-down list.
   To change the configuration, click Back to return to the appropriate screen. To reconfigure the domain, click Reconfig.

   Note:

   The location of the domain does not change when you reconfigure it.
10. The Reconfiguration Progress screen displays the progress of the reconfiguration process.
    During this process:

    • Domain information is extracted, saved, and updated.

    • Schemas, scripts, and other such files that support your Fusion Middleware products are updated.

    When the progress bar shows 100%, click Next.
11. The End of Configuration screen indicates whether the reconfiguration process completed successfully or failed. It also displays the location of the domain that was reconfigured as well as the Administration Server URL (including the listen port). If the reconfiguration is successful, it displays Oracle WebLogic Server Reconfiguration Succeeded.
    If the reconfiguration process did not complete successfully, an error message is displayed indicates the reason. Take appropriate action to resolve the issue. If you cannot resolve the issue, contact My Oracle Support.
    Note the Domain Location and the Admin Server URL for further operations.

Upgrading Domain Component Configurations

After reconfiguring the domain, use the Upgrade Assistant to upgrade the domain component configurations inside the domain to match the updated domain configuration.

• Starting the Upgrade Assistant
  Run the Upgrade Assistant to upgrade product schemas, domain component configurations, or standalone system components to 12c (12.2.1.3.0). Oracle recommends that you run the Upgrade Assistant as a non-SYSDBA user, completing the upgrade for one domain at a time.
• Upgrading Oracle Access Manager Domain Component Configurations
  Navigate through the screens in the Upgrade Assistant to upgrade component configurations in the WebLogic domain.
• Removing the Oracle Mobile Security Manager Servers Footprint
  This activity applies only to Oracle Access Manager 11g (OAM 11.1.23.x) environments that used the Oracle Mobile Security Manager (OMSM) application and have been upgraded to Oracle Access Manager 12c (12.2.1.3.0).
• Starting Servers and Processes
  After a successful upgrade, start all processes and servers, including the Administration Server and any Managed Servers.
• Verifying the Domain-Specific-Component Configurations Upgrade
  To verify that the domain-specific-component configurations upgrade was successful, sign in to the Administration console and the Oracle Enterprise Manager Fusion Middleware Control and verify that the version numbers for each component is 12.2.1.3.0.

Starting the Upgrade Assistant

Run the Upgrade Assistant to upgrade product schemas, domain component configurations, or standalone system components to 12c (12.2.1.3.0). Oracle recommends that you run the Upgrade Assistant as a non-SYSDBA user, completing the upgrade for one domain at a time.

To start the Upgrade Assistant:

Note:

Before you start the Upgrade Assistant, make sure that the JVM character encoding is set to UTF-8 for the platform on which the Upgrade Assistant is running. If the character encoding is not set to UTF-8, then you will not be able to download files containing Unicode characters in their names. This can cause the upgrade to fail.

To ensure that UTF-8 is used by the JVM, use the JVM option -Dfile.encoding=UTF-8.

1. Go to the oracle_common/upgrade/bin directory:
   • (UNIX) ORACLE_HOME/oracle_common/upgrade/bin
   • (Windows) ORACLE_HOME\oracle_common\upgrade\bin
2. Start the Upgrade Assistant:
   • (UNIX) ./ua
   • (Windows) ua.bat

Note:

In the above command, ORACLE_HOME refers to the 12c (12.2.1.3.0) Oracle Home.

For information about other parameters that you can specify on the command line, such as logging parameters, see:

• Upgrade Assistant Parameters
  

Upgrade Assistant Parameters

When you start the Upgrade Assistant from the command line, you can specify additional parameters.

Table 3-9 Upgrade Assistant Command-Line Parameters

Parameter	Required or Optional	Description
-readiness	Required for readiness checks Note: Readiness checks cannot be performed on standalone installations (those not managed by the WebLogic Server).	Performs the upgrade readiness check without performing an actual upgrade. Schemas and configurations are checked. Do not use this parameter if you have specified the -examine parameter.
-threads	Optional	Identifies the number of threads available for concurrent schema upgrades or readiness checks of the schemas. The value must be a positive integer in the range 1 to 8. The default is 4.
-response	Required for silent upgrades or silent readiness checks	Runs the Upgrade Assistant using inputs saved to a response file generated from the data that is entered when the Upgrade Assistant is run in GUI mode. Using this parameter runs the Upgrade Assistant in silent mode (without displaying Upgrade Assistant screens).
-examine	Optional	Performs the examine phase but does not perform an actual upgrade. Do not specify this parameter if you have specified the -readiness parameter.
-logLevel attribute	Optional	Sets the logging level, specifying one of the following attributes: TRACE NOTIFICATION WARNING ERROR INCIDENT_ERROR The default logging level is NOTIFICATION. Consider setting the -logLevel TRACE attribute to so that more information is logged. This is useful when troubleshooting a failed upgrade. The Upgrade Assistant's log files can become very large if -logLevel TRACE is used.
-logDir location	Optional	Sets the default location of upgrade log files and temporary files. You must specify an existing, writable directory where the Upgrade Assistant creates log files and temporary files. The default locations are: (UNIX) ORACLE_HOME/oracle_common/upgrade/logs ORACLE_HOME/oracle_common/upgrade/temp (Windows) ORACLE_HOME\oracle_common\upgrade\logs ORACLE_HOME\oracle_common\upgrade\temp
-help	Optional	Displays all of the command-line options.

Upgrading Oracle Access Manager Domain Component Configurations

Navigate through the screens in the Upgrade Assistant to upgrade component configurations in the WebLogic domain.

After running the Reconfiguration Wizard to reconfigure the WebLogic domain to 12c (12.2.1.3.0), you must run the Upgrade Assistant to upgrade the domain component configurations to match the updated domain configuration.

To upgrade domain component configurations with the Upgrade Assistant:

1. On the Welcome screen, review an introduction to the Upgrade Assistant and information about important pre-upgrade tasks. Click Next.

   Note:

   For more information about any Upgrade Assistant screen, click Help on the screen.
2. On the next screen:

   • Select All Configurations Used By a Domain. The screen name changes to WebLogic Components.

   • In the Domain Directory field, enter the 11.1.2.3.0 domain directory path.

   Click Next.

3. On the Component List screen, verify that the list includes all the components for which you want to upgrade configurations and click Next.
   If you do not see the components you want to upgrade, click Back to go to the previous screen and specify a different domain.
4. On the Prerequisites screen, acknowledge that the prerequisites have been met by selecting all the check boxes. Click Next.

   Note:

   The Upgrade Assistant does not verify whether the prerequisites have been met.
5. On the Examine screen, review the status of the Upgrade Assistant as it examines each component, verifying that the component configuration is ready for upgrade. If the status is Examine finished, click Next.
   If the examine phase fails, Oracle recommends that you cancel the upgrade by clicking No in the Examination Failure dialog. Click View Log to see what caused the error and refer to Troubleshooting Your Upgrade in Upgrading with the Upgrade Assistant for information on resolving common upgrade errors.

   Note:

   • If you resolve any issues detected during the examine phase without proceeding with the upgrade, you can start the Upgrade Assistant again without restoring from backup. However, if you proceed by clicking Yes in the Examination Failure dialog box, you need to restore your pre-upgrade environment from backup before starting the Upgrade Assistant again.

   • Canceling the examination process has no effect on the configuration data; the only consequence is that the information the Upgrade Assistant has collected must be collected again in a future upgrade session.

6. On the Upgrade Summary screen, review the summary of the options you have selected for component configuration upgrade.
   The response file collects and stores all the information that you have entered, and enables you to perform a silent upgrade at a later time. The silent upgrade performs exactly the same function that the Upgrade Assistant performs, but you do not have to manually enter the data again. If you want to save these options to a response file, click Save Response File and provide the location and name of the response file.
   Click Upgrade to start the upgrade process.
7. On the Upgrade Progress screen, monitor the status of the upgrade.

   Caution:

   Allow the Upgrade Assistant enough time to perform the upgrade. Do not cancel the upgrade operation unless absolutely necessary. Doing so may result in an unstable environment.
   If any components are not upgraded successfully, refer to the Upgrade Assistant log files for more information.

   Upgrade Assistant log files location:

   • (UNIX) ORACLE_HOME/oracle_common/upgrade/logs/ua<timestamp>.log
   • (Windows) ORACLE_HOME\oracle_common\upgrade\logs\ua<timestamp>.log

   Note:

   The progress bar on this screen displays the progress of the current upgrade procedure. It does not indicate the time remaining for the upgrade.

   Click Next.

8. If the upgrade is successful: On the Upgrade Success screen, click Close to complete the upgrade and close the wizard. The Post-Upgrade Actions window describes the manual tasks you must perform to make components functional in the new installation. This window appears only if a component has post-upgrade steps.
   If the upgrade fails: On the Upgrade Failure screen, click View Log to view and troubleshoot the errors. The logs are available at ORACLE_HOME/oracle_common/upgrade/logs.

   Note:

   If the upgrade fails you must restore your pre-upgrade environment from backup, fix the issues, then restart the Upgrade Assistant.

Removing the Oracle Mobile Security Manager Servers Footprint

This activity applies only to Oracle Access Manager 11g (OAM 11.1.23.x) environments that used the Oracle Mobile Security Manager (OMSM) application and have been upgraded to Oracle Access Manager 12c (12.2.1.3.0).

Oracle Mobile Security Manager (OMSM) application is not supported in OAM 12c (12.2.1.3.0). Therefore, Oracle recommends you to remove all components of OMSM. Removing all components will avoid any potential issues if the WebLogic Server Managed Server that runs the OMSM application gets started accidentally.

You have to remove the OMSM components from the following areas:

• The WebLogic Server Managed Server(s)
• The product's directory structure
• The database schema

• Removing the WebLogic Server OMSM Managed Server(s) From the Domain
  
• Removing the WebLogic Server OMSM Managed Server(s) From the Directory Structure
  
• Removing the OMSM Server Schema Objects From the Database
  

Removing the WebLogic Server OMSM Managed Server(s) From the Domain

To remove the WebLogic Server OMSM Managed Server(s) from the domain:

1. Ensure that only the WebLogic Server Administration Server is running.
2. Access and log in to the WebLogic Server Console.
3. Click Environment, select Clusters, and then Coherence Cluster.
4. Select the cluster name that contains the names of members that include the OMSM server(s).
5. Click the Members tab, uncheck the OMSM server(s), and click Save.
6. Click Environment and select Servers.
7. Select the OMSM server(s) (check it), and click Delete.
8. Depending on the WebLogic Server type, Production or Development, perform the additional steps to activate the changes.
   The WebLogic Server Managed OMSM Server(s) is now no longer present.
9. Log out of the WebLogic Server Administration application.

Removing the WebLogic Server OMSM Managed Server(s) From the Directory Structure

To remove the WebLogic Server OMSM Managed Server(s) from the directory structure:

1. Verify that the WebLogic Server Administration Server and Managed Servers are stopped.
2. From a terminal prompt, navigate to the DOMAIN_HOME/servers location.
3. Run the ls command.

   The list of server names is displayed. Make a note of the name of the OMSM Server(s).

   For example:

   wls_msm1, wls_msm2, and so on.

4. Run the following command to remove the OMSM Server(s):

   rm -rf MSM_Server

   In the above command, MSM_Server is the name of the Oracle Mobile Security Manager (OMSM) server. For example:

   rm -rf wls_msm1

   Repeat this step as needed for any additional OMSM Server(s).

   Now the OMSM Server(s) directory structure is no longer present:

   m wls_msm1

Removing the OMSM Server Schema Objects From the Database

To remove the Oracle Mobile Security Manager (MSM) schema objects:

1. Verify that the WebLogic Server Administration Server and Managed Servers are stopped.
2. Using your preferred tool, connect to the database system schema and run the following query:

   SET LINE 120
   COLUMN MRC_NAME FORMAT A14
   COLUMN COMP_ID FORMAT A20
   COLUMN VERSION FORMAT A12
   COLUMN STATUS FORMAT A9
   COLUMN UPGRADED FORMAT A8
   SELECT MRC_NAME, COMP_ID, OWNER, VERSION, STATUS, UPGRADED FROM
   SCHEMA_VERSION_REGISTRY ORDER BY MRC_NAME, COMP_ID;

   The query result shows COMP_ID as OMSM. Note the OWNER.

3. Use the 11.1.1.9.0 Repository Creation Utility (RCU) to drop the OMSM schema.
   1. Run the following command to start the RCU application:

      /rcu

   2. On the Welcome screen, click Next.
   3. On the Create Repository screen, select Drop Repository, and click Next.
   4. Specify the database connection credentials, as described in the following table:

      Table 3-10 Database Connection Details

      Option	Description and Example
      Host Name	Specify the name of the server where your database is running, in the following format: <FQDN> For Oracle RAC databases, specify the VIP name or the name of one of the nodes.
      Port	Specify the port number for your database. The default port number for Oracle databases is 1521.
      Service Name	Specify the service name for the database. Typically, the service name is same as the global database name. For Oracle RAC databases, specify the service name of one of the nodes. For example: <INSTANCE_NAME_FQDN>
      Username	Specify the user name for your database. The default user name is SYS.
      Password	Specify the password for the database user.
      Role	Select the database user's role from the drop-down list: Normal or SYSDBA.

      Click Next.

      A separate dialog window appears while RCU checks connectivity and the database prerequisites. When the database checking passes without errors, click OK to dismiss the dialog window and go to the next screen.

   5. On the Summary screen, review the information and click Drop to drop the schemas.
   6. On the Completion Summary screen, note the location of the log files and click Close to dismiss the screen.
4. Repeat Step 1 and run the following query:

   SET LINE 120
   COLUMN MRC_NAME FORMAT A14
   COLUMN COMP_ID FORMAT A20
   COLUMN VERSION FORMAT A12
   COLUMN STATUS FORMAT A9
   COLUMN UPGRADED FORMAT A8
   SELECT MRC_NAME, COMP_ID, OWNER, VERSION, STATUS, UPGRADED FROM
   SCHEMA_VERSION_REGISTRY ORDER BY MRC_NAME, COMP_ID;

   The COMP_ID OMSM is now not available in the query result.

5. Start the WebLogic Server Administration server and the Managed servers.

Starting Servers and Processes

After a successful upgrade, start all processes and servers, including the Administration Server and any Managed Servers.

The components may be dependent on each other so they must be started in the correct order.

Note:

The procedures in this section describe how to start servers and process using the WLST command line or a script. You can also use the Oracle Fusion Middleware Control and the Oracle WebLogic Server Administration Console. See Starting and Stopping Administration and Managed Servers and Node Manager in Administering Oracle Fusion Middleware.

To start your Fusion Middleware environment, follow the steps below.

Step 1: Start Node Manager

Starting the Node Manager in the Administration Server domain home:

• (UNIX) nohup ./startNodeManager.sh > DOMAIN_HOME/nodemanager/nodemanager.out 2>&1 &

• (Windows) nohup .\startNodeManager.sh > DOMAIN_HOME\nodemanager\nodemanager.out 2>&1 &

Step 2: Start the Administration Server

When you start the Administration Server, you also start the processes running in the Administration Server, including the WebLogic Server Administration Console and Fusion Middleware Control.

To start the Administration Server, use the startWebLogic script:

• (UNIX) DOMAIN_HOME/bin/startWebLogic.sh

• (Windows) DOMAIN_HOME\bin\startWebLogic.cmd

When prompted, enter your user name, password, and the URL of the Administration Server.

Step 3: Start the Managed Servers

Method 1: Start a WebLogic Server Managed Server by using the Weblogic Console:

• Log into Weblogic console as a weblogic Admin.
• Go to Servers > Control tab.
• Select the required managed server.
• Click Start.

Method 2: Start a WebLogic Server Managed Server by using the startManagedWebLogic script:

• (UNIX) DOMAIN_HOME/bin/startManagedWebLogic.sh managed_server_name admin_url

• (Windows) DOMAIN_HOME\bin\startManagedWebLogic.cmd managed_server_name admin_url

When prompted, enter your user name and password.

Note:

• The startup of a Managed Server will typically start the applications that are deployed to it. Therefore, it should not be necessary to manually start applications after the Managed Server startup.
• The Mobile Security Manager (MSM) servers are not supported in 12c. After restarting the servers, the 11g configurations of MSM servers, like omsm_server1 or WLS_MSM1, might remain. Ignore these configurations and do not restart the MSM servers.

Verifying the Domain-Specific-Component Configurations Upgrade

To verify that the domain-specific-component configurations upgrade was successful, sign in to the Administration console and the Oracle Enterprise Manager Fusion Middleware Control and verify that the version numbers for each component is 12.2.1.3.0.

To sign in to the Administration Console, go to: http://administration_server_host:administration_server_port/console

To sign in to the Administration Console in an EDG deployment, see Validating the Virtual Server Configuration and Access to the Consoles.

To sign in to Oracle Enterprise Manager Fusion Middleware Control Console, go to: http://administration_server_host:administration_server_port/em

Note:

• After upgrade, ensure you run the administration tools from the new 12c Oracle home directory and not from the previous Oracle home directory.
• During the upgrade process, some OWSM documents, including policy sets and predefined documents such as policies and assertion templates, may need to be upgraded. If a policy set or a predefined document is upgraded, its version number is incremented by 1.
• In the site-specific configuration, the WebLogic and EM consoles must be accessible with the URLs either directly or through proxy URLs.

Performing Post-Upgrade Tasks

After performing the upgrade of Oracle Access Manager to 12c (12.2.1.3), you should complete the tasks summarized in this section, if required.

This section includes the following tasks:

• WebGates Configuration Fails during Authentication
  WebGates configured with the hmacEnabled=true in environments where globalHMACEnabled is not set to true fails during authentication.
• Updating the java.security File
  If you have multiple components of Oracle Identity and Access Management (Oracle Access Manager, Oracle Identity Manager, WebGates and so on) deployed, until you upgrade all of the components to 12c (12.2.1.3.0), you must update the java.security file with the changes described in this section.

WebGates Configuration Fails during Authentication

WebGates configured with the hmacEnabled=true in environments where globalHMACEnabled is not set to true fails during authentication.

To solve this issue, apply patch 12.2.1.3.181016 or later.

For more information, see Upgrading to OHS/OTD 12c WebGate.

Updating the java.security File

If you have multiple components of Oracle Identity and Access Management (Oracle Access Manager, Oracle Identity Manager, WebGates and so on) deployed, until you upgrade all of the components to 12c (12.2.1.3.0), you must update the java.security file with the changes described in this section.

To do this:

1. Open the java.security file located at JAVA_HOME/jre/lib/security/ in an editor.
2. Remove TLSv1, TLSv1.1, MD5withRSA from the following key:
   key - jdk.tls.disabledAlgorithms
3. Remove MD5 from the following key:
   key - jdk.certpath.disabledAlgorithms

For more information on possible upgrade scenarios, see Troubleshooting Security Policy Issues When Upgrading.

Performing the Post-Patch Install Steps

After completing the upgrade, you have to perform the post-patch installation steps.

The post-patch installation steps comprises the following:

• Running the Poststart Command to Confirm Successful Binary Patching
  
• Performing a Clean Restart of the Servers
  

Running the Poststart Command to Confirm Successful Binary Patching

Use the variables and the instructions in the Stack Patch Bundle README.txt file to run the poststart command for your product, as shown below:

$ ./spbat.sh -type oig -phase poststart -mw_home /<INSTALLATION_DIRECTORY>/IAM12c -spb_download_dir /<DOWNLOAD_LOCATION>/IDM_SPB_12.2.1.4.200714 -log_dir /<DOWNLOAD_LOCATION>/OIGlogs

For details, see Doc ID 2657920.1.

Performing a Clean Restart of the Servers

Restart all the servers including the Administration Server and any Managed Servers. See Starting Servers and Processes.