4 Oracle Fusion Middleware Administration

This chapter describes issues associated with Oracle Fusion Middleware administration. It includes the following topics:

Note:

This chapter contains issues you might encounter while administering any of the Oracle Fusion Middleware products.

Be sure to review the product-specific release note for any additional issues specific to the products you are using.

4.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

4.1.1 Problems Using Oracle Database 12.2 with This Release

When you use Oracle Database 12.2 or higher, you may run into the following issues:

  • When you create a Metadata Services (MDS) database schema using Repository Creation Utility (RCU) or upgrade the MDS database schema using Patch Set Assistant against Oracle Database 12.2, the operation may fail.

    You may receive the error ORA-28104: input value for statement_types is not valid. This is because, as part of a security fix beginning with Oracle Database 12.2, for the DBMS_RLS.ADD_POLICY procedure, statement types of INSERT and UPDATE_CHECK with a value of FALSE (the default value) are no longer allowed. The security fix results in an ORA-28104 error while registering Virtual Private Database policies.

    This error is returned to avoid giving the impression that Virtual Private Database policies are enforced for INSERT statements, which is not the case.

    To work around the error, set the "_allow_insert_with_update_check" parameter to TRUE by executing the following SQL command:

    ALTER SYSTEM SET "_allow_insert_with_update_check"=TRUE scope=both;
    

    Then, re-run RCU or the Patch Set Assistant to create or upgrade the MDS database schema.

  • When you use Oracle Fusion Middleware with Oracle Database 12.2 or higher, you may encounter the following error:

    ORA-00932: inconsistent datatypes: expected SYS.AQ$_JMS_MESSAGE got SYS.AQ$_JMS_MESSAGE
    

    The error occurs because during enqueue and dequeue of AQ$_JMS_MESSAGE type, the version number sent to the database server may be inconsistent. This happens when TOID (the type's unique identifier) for AQ$_JMS_MESSAGE type in type$ is a user-defined TOID and not a fixed SYSTEM defined TOID.

    To work around this error, install the following patch, which replaces the ojdbc6.jar file used by Oracle Fusion Middleware:

    https://updates.oracle.com/download/21663638.html
    

    For Oracle Fusion Middleware 11g, select Release 11.1.1.7.0.

  • When you install Oracle Fusion Middleware Release 11gR1 or Release 11gR2 products with Oracle Database 12.2.0.1, you may run into the following error:

    ORA-28040: No matching authentication protocol
    

    This occurs because there is no 11g verifier for the proxy user.

    Use the following workaround to create the 11g Verifier and allow the connection to the 12.2.0.1 Oracle Database from the Oracle Fusion Middleware installation to proceed:

    1. Set ORACLE_HOME to the Oracle Database 12.2.0.1 Oracle home.

    2. Add the following line to the sqlnet.ora file (in ORACLE_HOME/network/admin):

      SQLNET.ALLOWED_LOGON_VERSION=11
      
    3. Connect to the database as the sys user (as sysdba) and execute the following SQL commands:

      ALTER SYSTEM set sec_case_sensitive_logon=FALSE scope=spfile;
      shutdown immediate;
      startup;
      alter user sys identified by sys_password;
      alter user system identified by sys_password;
      
    1. Download the patch from the following location. It is in the form of a zip file. Unzip it.

      https://updates.oracle.com/download/20803573.html

    2. Because the patch is based on the Oracle Database 11.1.0.7 release, apply it on an 11.1.0.7.0 Oracle Database. In the directory in which you unzipped the patch, enter the following commands:

      setenv ORACLE_HOME oracle home of 11.1.0.7.0 db
      setenv PATH $ORACLE_HOME/OPatch:$PATH
      setenv PATH /usr/ccs/bin:$PATH
      
    3. Execute the following command from the directory in which you unzipped the patch to apply the patch:

      opatch napply -skip_subset -skip_duplicate
      
    4. After the patch is applied, copy the following files to the specified directories in RCU_HOME:

      File to Copy from Patched Database    Copy to This Location
      ORACLE_HOME/jdbc/lib/ojdbc*.jar       RCU_HOME/jdbc/lib/ojdbc*.jar
      ORACLE_HOME/lib/libclntsh.so.11.1     Copy to this location, renaming the file:
                                            RCU_HOME/lib/libclntsh.so.11.1
                                            RCU_HOME/lib/libclntsh.so.10.1
                                            RCU_HOME/lib/libclntsh.so
      ORACLE_HOME/sqlplus/lib/*             Replace RCU_HOME/sqlplus/lib/*

      Now RCU is patched with the security patch and can be used to install Oracle Fusion Middleware schemas.

    If you want to use the latest database security features, you should not set SQLNET.ALLOWED_LOGON_VERSION=11. You can apply one of the following two workarounds.

    Workaround 1: If WebLogic Server is installed in MW_HOME, perform the following steps:

    1. Set the RCU_HOME environment variable. For example:

      Unix: RCU_HOME=/stage/rcu/rcuHome; export RCU_HOME

      Windows: set RCU_HOME=\stage\rcu\rcuHome

    2. Make a copy of RCU_HOME/jdbc/lib/ojdbc6.jar.

    3. Replace RCU_HOME/jdbc/lib/ojdbc6.jar with the copy from WL_HOME:

      Unix: cp $WL_HOME/server/lib/ojdbc6.jar $RCU_HOME/jdbc/lib/

      Windows: copy %WL_HOME%\server\lib\ojdbc6.jar %RCU_HOME%\jdbc\lib

    Workaround 2: Patch RCU with the DBCPUjul2015 patch:

    1. Download the patch from the following location. It is in the form of a zip file. Unzip it.

      https://updates.oracle.com/download/20803573.html

    2. Because the patch is based on the Oracle Database 11.1.0.7 release, apply it on an 11.1.0.7.0 Oracle Database. In the directory in which you unzipped the patch, enter the following commands:

      setenv ORACLE_HOME oracle home of 11.1.0.7.0 db
      setenv PATH $ORACLE_HOME/OPatch:$PATH
      setenv PATH /usr/ccs/bin:$PATH
      
    3. Execute the following command from the directory in which you unzipped the patch to apply the patch:

      opatch napply -skip_subset -skip_duplicate
      
    4. After the patch is applied, copy the following files to the specified directories in RCU_HOME:

      File to Copy from Patched Database    Copy to This Location
      ORACLE_HOME/jdbc/lib/ojdbc*.jar       RCU_HOME/jdbc/lib/ojdbc*.jar
      ORACLE_HOME/lib/libclntsh.so.11.1     Copy to this location, renaming the file:
                                            RCU_HOME/lib/libclntsh.so.11.1
                                            RCU_HOME/lib/libclntsh.so.10.1
                                            RCU_HOME/lib/libclntsh.so
      ORACLE_HOME/sqlplus/lib/*             Replace RCU_HOME/sqlplus/lib/*

      Now RCU is patched with the security patch and can be used to install Oracle Fusion Middleware schemas.
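
The ORA-28104 behavior described in the first item of this section also affects any Virtual Private Database policy you register yourself with DBMS_RLS.ADD_POLICY. The following SQL is an added example, not part of the original release note or of the RCU scripts; the APP_OWNER schema, ORDERS table, ORDERS_POLICY function and ORDERS_OWNER_ONLY policy are hypothetical names.

```sql
-- Added example. APP_OWNER, ORDERS, ORDERS_POLICY and ORDERS_OWNER_ONLY
-- are hypothetical names; run as a user with EXECUTE on DBMS_RLS.
CREATE TABLE app_owner.orders (
  order_id   NUMBER PRIMARY KEY,
  owner_name VARCHAR2(128) NOT NULL
);

-- Policy function: restricts rows to those owned by the session user.
CREATE OR REPLACE FUNCTION app_owner.orders_policy (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
  RETURN 'owner_name = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
END;
/

-- Registration that Oracle Database 12.2 rejects with ORA-28104:
-- INSERT is listed in statement_types while update_check is FALSE, so the
-- policy would appear to cover INSERT without being enforced for it.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP_OWNER',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_OWNER_ONLY',
    function_schema => 'APP_OWNER',
    policy_function => 'ORDERS_POLICY',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => FALSE);
END;
/

-- Registration that is accepted: update_check => TRUE makes the database
-- evaluate the predicate against each row written by INSERT or UPDATE.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP_OWNER',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_OWNER_ONLY',
    function_schema => 'APP_OWNER',
    policy_function => 'ORDERS_POLICY',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => TRUE);
END;
/

-- Confirm what was registered; CHK_OPTION reflects the update_check setting.
SELECT policy_name, sel, ins, upd, del, chk_option
  FROM dba_policies
 WHERE object_owner = 'APP_OWNER'
   AND object_name  = 'ORDERS';
```

With update_check set to TRUE, an INSERT of a row whose owner_name does not satisfy the predicate fails with ORA-28115 (policy with check option violation).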

4.1.2 Clarification About Path for OPMN

OPMN provides the opmnctl command. The executable file is located in the following directories:

  • ORACLE_HOME/opmn/bin/opmnctl: The opmnctl command from this location should be used only to create an Oracle instance or a component for an Oracle instance on the local system. Any opmnctl commands generated from this location should not be used to manage system processes or to start OPMN.

    On Windows, if you start OPMN using the opmnctl start command from this location, OPMN and its processes will terminate when the Windows user has logged out.

  • ORACLE_INSTANCE/bin/opmnctl: The opmnctl command from this location provides a per Oracle instance instantiation of opmnctl. Use opmnctl commands from this location to manage processes for this Oracle instance. You can also use this opmnctl to create components for the Oracle instance.

    On Windows, if you start OPMN using the opmnctl start command from this location, it starts OPMN as a Windows service. As a result, the OPMN parent process, and the processes which it manages, persist after the MS Windows user has logged out.

4.1.3 Fusion Middleware Control May Return Error in Mixed IPv6 and IPv4 Environment

If your environment contains both IPv6 and IPv4 network protocols, Fusion Middleware Control may return an error in certain circumstances.

If the browser that is accessing Fusion Middleware Control is on a host using the IPv4 protocol, and selects a control that accesses a host using the IPv6 protocol, Fusion Middleware Control will return an error. Similarly, if the browser that is accessing Fusion Middleware Control is on a host using the IPv6 protocol, and selects a control that accesses a host using the IPv4 protocol, Fusion Middleware Control will return an error.

For example, if you are using a browser that is on a host using the IPv4 protocol and you are using Fusion Middleware Control, Fusion Middleware Control returns an error when you navigate to an entity that is running on a host using the IPv6 protocol, such as in the following situations:

  • From the Oracle Internet Directory home page, you select Directory Services Manager from the Oracle Internet Directory menu. Oracle Directory Services Manager is running on a host using the IPv6 protocol.

  • From a Managed Server home page, you click the link for Oracle WebLogic Server Administration Console, which is running on IPv6.

  • You test Web Services endpoints, which are on a host using IPv6.

  • You click an application URL or Java application which is on a host using IPv6.

To work around this issue, you can add the following entry to the /etc/hosts file:

nnn.nn.nn.nn  myserver-ipv6 myserver-ipv6.example.com

In the example, nnn.nn.nn.nn is the IPv4 address of the Administration Server host, myserver.example.com.

4.1.4 Deploying JSF Applications

Some JSF applications may experience a memory leak due to incorrect Abstract Window Toolkit (AWT) application context classloader initialization in the Java class library. Setting the oracle.jrf.EnableAppContextInit system property to true will attempt eager initialization of the AWT application context classloader to prevent this leak from occurring. By default, this property is set to false.

4.1.5 Limitations in Moving from Test to Production

Note the following limitations in moving from test to production:

  • If your environment includes Oracle WebLogic Server which you have upgraded from one release to another (for example from 10.3.4 to 10.3.5), the pasteConfig script fails with the following error:

    Oracle_common_home/bin/unpack.sh line29:
    WL_home/common/bin/unpack.sh No such file or directory
    

    To work around this issue, edit the following file:

    MW_HOME/utils/uninstall/WebLogic_Platform_10.3.5.0/WebLogic_Server_10.3.5.0_Core_Application_Server.txt
    

    Add the following entries:

    /wlserver_10.3/server/lib/unix/nodemanager.sh
    /wlserver_10.3/common/quickstart/quickstart.cmd
    /wlserver_10.3/common/quickstart/quickstart.sh
    /wlserver_10.3/uninstall/uninstall.cmd
    /wlserver_10.3/uninstall/uninstall.sh
    /utils/config/10.3/setHomeDirs.cmd
    /utils/config/10.3/setHomeDirs.sh
    
  • After you move Oracle Virtual Directory from one host to another, you must add a self-signed certificate to the Oracle Virtual Directory keystore and EM Agent wallet on Host B. Take the following steps:

    1. Set the ORACLE_HOME and JAVA_HOME environment variables.

    2. Delete the existing self-signed certificate:

      $JAVA_HOME/bin/keytool -delete -alias serverselfsigned \
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks \
        -storepass OVD_Admin_password
      
    3. Generate a key pair:

      $JAVA_HOME/bin/keytool -genkeypair \
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks \
        -storepass OVD_Admin_password -keypass OVD_Admin_password -alias serverselfsigned \
        -keyalg rsa -dname "CN=Fully_qualified_hostname,O=test"
      
    4. Export the certificate:

      $JAVA_HOME/bin/keytool -exportcert \
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks \
        -storepass OVD_Admin_password -rfc -alias serverselfsigned \
        -file ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt
      
    5. Add a wallet to the EM Agent:

      ORACLE_HOME/../oracle_common/bin/orapki wallet add \
        -wallet ORACLE_INSTANCE/EMAGENT/EMAGENT/sysman/config/monwallet \
        -pwd EM_Agent_Wallet_password -trusted_cert \
        -cert ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt
      
    6. Stop and start the Oracle Virtual Directory server.

    7. Stop and start the EM Agent.

  • When you are moving Oracle Platform Security and you are using an LDAP store, the LDAP store on the source environment must be running and it must be accessible from the target during the pasteConfig operation.

  • The copyConfig script works only with non-SSL ports. Because of this, ensure that non-SSL ports are enabled for all Managed Servers and the Administration Server.

    Note that if the administration port feature is enabled for the source Oracle WebLogic Server domain, you must disable it first before running copyConfig as it prevents the usage of non-SSL ports for administrative tasks.

    For information about the administration port, see "Administration Port and Administrative Channel" in Configuring Server Environments for Oracle WebLogic Server.

  • Moving Oracle Identity Manager to another environment is not supported, either through the movement scripts or through manual steps. In addition, if Oracle Identity Manager is part of the source environment of other components, the movement scripts for that environment will fail. This restriction applies to all 11.1.1 releases of Oracle Identity Manager.

  • When you are moving Oracle Platform Security Services and the data is moving from LDAP to LDAP, the source and target LDAP domain component hierarchy must be the same. If it is not, the Oracle Platform Security Services data movement will fail. For example, if the source hierarchy is configured as dc=us,dc=com, the target LDAP must have the same domain component hierarchy.

  • When you move Oracle BI Enterprise Edition, you may see the following messages:

    Exception message : javax.servlet.UnavailableException: ESSBASEPATH is set to invalid path
    
    Exception message : SEVERE: Element Type: SYSTEM_COMPONENT, Element Id:
    slc02qcs:essbaseserver1, Operation Result: FAILED_TO_ACCESS_CONFIG_FILE,
    Detail Message: No such file or directory[[java.io.IOException: No such file
    or directory]] 
    

    You can safely ignore these messages.

  • When you move Oracle BI Enterprise Edition, the pasteConfig operation will fail if the machine name and the host name do not match. In this case, the operation will return the following error:

    CLONE-20218   Provide the clone log
    and error file for investigation.
    java.lang.RuntimeException: BIInstance paste can be applied only a in a
    machine which has a managed server. System didn't find any BI manged server
    in the host hostname
    
  • If Oracle BI Enterprise Edition is configured with a database security store, the copyConfig script fails. To move an installation of Oracle BI Enterprise Edition from a source to a target environment using the movement scripts, use the LDAP security store.

  • When you move a Web tier environment, the copyBinary script may return the following message:

    Warning Message  :1
      Nov 20, 2014 10:47:57 - WARNING - CLONE-20266   Unable to archive a file.
      Nov 20, 2014 10:47:57 - CAUSE - CLONE-20266   The file
    "/scratch/oracle/webtier6400/network/log/cgisock.9465" did not have
    sufficient permission to access.
      Nov 20, 2014 10:47:57 - ACTION - CLONE-20266   Correct the permission of
    above file and run copyBinary again. 
    

    You can safely ignore this message.

  • If you have an IDS store configured in the source environment, and you plan to retain the same ID store host and port in the target environment without moving it, the pasteConfig script returns the following error:

    Specified host already configured in adapter
    

    To work around the problem, in the generated moveplan.xml, under configGroup LIBOVD_ADAPTERS, look for the configProperty representing the Identity Store that you do not plan to move. Comment out the entire section corresponding to the configProperty for your Identity Store in the move plan before you run the pasteConfig script.

4.1.6 Limitations in Moving Oracle Business Process Management from Test to Production Environment

Note the following limitations when moving Oracle Business Process Management from a test environment to a production environment:

  • When you move Oracle Business Process Management from a test environment to a production environment as described in the Task "Move Oracle Business Process Management to the New Production Environment" in the Administrator's Guide, Oracle Business Process Management Organization Units are not imported.

    To work around this issue, you must re-create the Organization Units in the production environment. In addition, if any Organization associations with the Calendar rule for the Role exist in the test environment, you must re-create them, using the Roles screen.

    For information, see "Working with Organizations" in the Modeling and Implementation Guide for Oracle Business Process Management.

  • Oracle recommends that you move artifacts and data into a new, empty production environment. If the same artifacts are present or some data has been updated on the production environment, the procedure does not update those artifacts.

4.1.7 Message Returned with Incorrect Error Message Level

In Fusion Middleware Control, when you select a metadata repository, the following error messages are logged:

Partitions is NULL
Partitions size is 0 

These messages are logged at the Error level, which is incorrect. They should be logged at the debug level, to provide information.

4.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

4.2.1 Topology Viewer Does Not Display Applications Deployed to a Cluster

In Fusion Middleware Control, the Topology Viewer does not display applications that are deployed to a cluster.

4.2.2 Changing Log File Format

When you change the log file format, note the following:

  • When you change the log file format from text to xml, specify the path, but omit the file name. The new file will be named log.xml.

  • When you change the log file format from xml to text, specify both the path and the file name.

4.2.3 SSL Automation Tool Configuration Issues

The following issues have been observed when using the SSL Automation tool:

  • The script creates intermediate files that contain passwords in clear text. If the script fails, these files might not be removed. After a script failure, delete all files under the rootCA directory.

  • If Oracle Internet Directory password policy is enabled, passwords entered for wallet or keystore fail if they violate the policy.

  • Before you run the script, you must have JDK 1.6 installed and you must have JAVA_HOME set in your environment.

  • If the Oracle Virtual Directory configuration script fails, check the run log or enable debug for the shell script to view specific errors. If the error message looks similar to this, rerun the script with a new keystore name:

    WLSTException: Error occured while performing cd : Attribute 
    oracle.as.ovd:type=component.listenersconfig.sslconfig,name=LDAP SSL 
    Endpoint,instance=%OVD_INSTANCE%,component=ovd1 not found
    

4.3 Documentation Errata for the Administrator's Guide

There are no known documentation issues for the Administrator's Guide at this time.