This chapter describes issues associated with Oracle Fusion Middleware administration. It includes the following topics:
This section describes configuration issues and their workarounds. It includes the following topics:
Section 3.1.1, "Problems Using Oracle Database 12.2 with This Release"
Section 3.1.2, "Limitations in Moving from Test to Production"
Section 3.1.3, "MDS purgeMetadata Command Can Take a Long Time"
Section 3.1.4, "SSL Certificate Chain Required on Certain Browsers"
When you use Oracle Database 12.2 or higher, you may run into the following issues:
When you create a Metadata Services (MDS) database schema using Repository Creation Utility (RCU) or upgrade the MDS database schema using Upgrade Assistant against Oracle Database 12.2, the operation may fail.
You may receive the error ORA-28104: input value for statement_types is not valid. This is because, as part of a security fix beginning with Oracle Database 12.2, for the DBMS_RLS.ADD_POLICY procedure, statement types of INSERT and UPDATE_CHECK with a value of FALSE (the default value) are no longer allowed. The security fix results in an ORA-28104 error while registering Virtual Private Database policies.
This error is returned to avoid giving the impression that Virtual Private Database policies are enforced for INSERT statements, which is not the case.
To work around this error, configure the system with "_allow_inserts_with_UPDATE_CHECK" set to True, by executing the following SQL command:
ALTER SYSTEM SET "_allow_insert_with_update_check"=TRUE scope=spfile
Then, restart the database and re-run RCU or the Upgrade Assistant to create or upgrade the MDS database schema.
When you use Oracle Fusion Middleware with Oracle Database 12.2 or higher, you may encounter the following error:
ORA-00932: inconsistent datatypes: expected SYS.AQ$_JMS_MESSAGE gotSYS.AQ$_JMS_MESSAGE
The error occurs because during enqueue and dequeue of AQ$_JMS_MESSAGE type, the version number sent to the database server may be inconsistent. This happens when TOID (the type's unique identifier) for AQ$_JMS_MESSAGE type in type$ is a user-defined TOID and not a fixed SYSTEM defined TOID.
To work around this error, install the following patch, which replaces the ojdbc6.jar file used by Oracle Fusion Middleware:
https://updates.oracle.com/download/21663638.html
For Oracle Fusion Middleware 12.1.3, select Release 12.1.0.2.0.
Note the following limitations in moving from test to production:
Before running the pasteConfig script, you must set an environment variable for the Java temp directory:
On Linux or UNIX:
setenv T2P_JAVA_OPTIONS "-Djava.io.tmpdir=/home/t2p/temp" export T2P_JAVA_OPTIONS
On Windows:
set T2P_JAVA_OPTIONS="-Djava.io.tmpdir=c:\home\t2p\temp"
Note that on Windows, the temp directory path should not contain \x. If it does the scripts fail.
The copyConfig script works only with non-SSL ports. Because of this, ensure that non-SSL ports are enabled for all Managed Servers and the Administration Server.
Note that if the administration port feature is enabled for the source Oracle WebLogic Server domain, you must disable it first before running copyConfig as it prevents the usage of non-SSL ports for administrative tasks.
For information about the administration port, see "Administration Port and Administrative Channel" in Administering Server Environments for Oracle WebLogic Server.
When you are moving Oracle Platform Security Services and the data is moving from LDAP to LDAP, the source and target LDAP domain component hierarchy must be same. If it is not, the Oracle Platform Security Services data movement will fail. For example, if the source is hierarchy is configured as dc=us,dc=com, the target LDAP must have the same domain component hierarchy.
On Windows, Node Manager and any configured system components must be shut down before you run the copyConfig script.
If the source environment is configured with the keystore service, the target is configured with Demo certificates. After you execute the movement scripts, update the target environment to use actual certificates. See "Managing Keys and Certificates with the Keystore Service" in Securing Applications with Oracle Platform Security Services.
If candidate-machine and candidate-machines-for-migratable-server are configured in the source environment, take one of the following actions:
Prior to copyConfig, remove candidate-machine and candidate-machines-for-migratable-server from the source. Then, perform the copyConfig and pasteConfig operations. (You can change the machine names in the move plan.)
Do not change the machine name in the move plan. After pasteConfig operation, you can change the machine reference.
After the pasteConfig operation completes, create candidate-machine and candidate-machines-for-migratable-server at target.
If Oracle HTTP Server is configured for SSL, it uses the following location by default:
${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/keystores/default
For custom certificates and wallets, you must:
Create a new directory in the following location and store wallet-specific files, cwallet.sso and ewallet.p12, in that directory.
${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/keystores
Specify the path to the new directory for the SSLWallet entry in the ssl.conf file.
When you execute pasteConfig and the archive contains Oracle Platform Security Services, the script may return the following errors:
oracle.security.audit.util.StrictValidationEventHandler handleEvent
WARNING: Failed to validate the xml content. Reason: cvc-complex-type.2.4.b:
The content of element '' is not complete. One of
'{"http://xmlns.oracle.com/ias/audit/audit-2.0.xsd":source}' is expected..
Apr 24, 2013 6:28:29 AM
oracle.security.audit.util.StrictValidationEventHandler handleEvent
WARNING: Failed to validate the xml content. Reason: cvc-complex-type.2.4.b:
The content of element '' is not complete. One of
'{"http://xmlns.oracle.com/ias/audit/audit-2.0.xsd":source}' is expected..
You can ignore these errors.
If you are using Oracle Data Integrator on Windows, after you run the pasteConfig script, update the config.properties file with the following:
odi.shared.config.dir.path=%DOMAIN_HOME%/config/oracledi
During pasteConfig operation of a domain containing Oracle JRF, the following message in the error file can be ignored:
WARNING : Key store file keystores.xml integrity check failed. Location:/tmp/CLONINGCLIENTXXX/opssdatamigrate
When Oracle Business Activity Monitoring is installed on your source environment and you use the copyConfig and pasteConfig scripts, you may encounter the following errors:
40319: Invalid "JMS" configuration. 40319: The "JMS" configuration in your domain is invalid. 40319: Correct the configuration.
This is a warning caused by the missing jndi-name property of JMS object. However, the presence of the local-jndi-name property in the JMS object makes this warning irrelevant. You can ignore the errors.
When your environment includes Oracle Business Activity Monitoring, the bamcommand.log.0 log file may contain the following benign error message after you execute the pasteConfig script:
oracle.beam.impexp.commandline.util.ImportExportClient.main: Exception occurred in method Import/Export(-dbusername,DEFAULT,-dburl,DEFAULT,-dbdriver,DEFAULT,-cmd,import, -file,/scratch/aime/t2pprodsoa/soa/bam/bin/BAMT2PEMSArtifacts.zip,-mode,append) Exception: java.io.FileNotFoundException: /scratch/oracle/t2pprodsoa/soa/bam/bin/BAMT2PEMSArtifacts.zip (No such file or directory)
You can ignore this message.
When your environment includes Oracle Business Activity Monitoring, the log file may contain the following benign error message after you execute the copyConfig or pasteConfig scripts:
<Apr 29, 2014 1:04:39 AM MDT> <Warning> <JNDI> <BEA-050001> <WLContext.close() was called in a different thread than the one in which it was created.>
You can ignore this message.
After you move Oracle B2B and Healthcare from a test environment to a production environment (using the movement scripts), you may need to change Contact details along with other related properties:
In Fusion Middleware Control, navigate to User Messaging Service, and right-click the server.
From the menu, select usermessagingdriver-email / Email Driver Properties.
For Outgoing Password, change the type of password.
For Outgoing Mail Server Security, specify the value.
Navigate to the Oracle SOA Suite server. Right-click the server name, and select SOA Administration, then Workflow Properties.
For Notification Mode, select the type.
For Email: Actionable Address, enter the address.
Click Apply.
Restart the server.
When you use the movement scripts, the B2B batch configuration (configured under the Admin Batch tab) is not moved. To move the batch configuration, export the B2B_BATCH_EVENT table from the test environment and import it into the target environment.
When you move Oracle HTTP Server, you cannot specify the IPV6 address in the move plan. Instead, use the host name. For example:
hostname.domainname.com
When autopurge is not enabled or manual purge is not frequently executed, the MDS database repository could have a lot of older (non-tip) versions accumulated. This can result in the next purge operation to take a very long time (possibly hours). In such a case, the purge operation may need to be terminated to avoid affecting the system performance. Currently, it is not possible to terminate the purge operation using Oracle Fusion Middleware tools. Instead, you need to do this at the database level.
To terminate the purge operation, contact the DBA. The DBA can identify the database session where the purgeMetadata operation is executing and kill the session to stop the purge. Note that MDS purges 300 documents in each iteration, commits the change, and repeats until all purgeable documents are processed. As a result, killing the database session will not affect already committed purge iterations.
When you configure SSL for Oracle HTTP Server, you may need to import the entire certificate chain (rootCA, Intermediate CAs and so on).
Certain browsers, for example Internet Explorer, require that the entire certificate chain be imported to the browsers for SSL handshake to work. If your certificate was issued by an intermediate CA, you will need to ensure that the complete chain of certificates is available on the browser or the handshake will fail. If an intermediate certificate in the chain expires, it must be renewed along with all the certificates (such as OHS server) in the chain.
This section describes configuration issues and workarounds. It includes the following topic:
The Service table page of Fusion Middleware Control contains a mention of shared service tables. Shared service tables are not supported.
This section describes documentation errata and corrections. It includes the following topics:
Oracle Fusion Middleware Administering Oracle Fusion Middleware for 12c (12.1.3), part number E36206-02, incorrectly lists the Oracle Wallet Manager tool in these sections:
6.2.4 Tools for SSL Configuration
8.1.2 Keystore Management Tools
Oracle Wallet Manager is not available in 12c (12.1.3).