4 Upgrading Oracle Identity Manager Single Node Environments

You can upgrade Oracle Identity Manager from Release 11g Release 2 (11.1.2.3.0) to Oracle Identity Governance 12c (12.2.1.3.0) .

Note:

The product Oracle Identity Manager is referred to as Oracle Identity Manager (OIM) and Oracle Identity Governance (OIG) interchangeably in the guide.

Complete the steps in the following topics to perform the upgrade:

Topics:

4.1 About the Oracle Identity Manager Single Node Upgrade Process

Review the roadmap for an overview of the upgrade process for Oracle Identity Manager single node deployments.

The steps you take to upgrade your existing domain will vary depending on how your domain is configured and which components are being upgraded. Follow only those steps that are applicable to your deployment.

Table 4-1 Tasks for Upgrading Oracle Identity Manager Single Node Environments

Task Description

Required

If you have not done so already, review the introductory topics in this guide and complete the required pre-upgrade tasks.

See:

Required

Generate the pre-upgrade report for Oracle Identity Manager. Review the information in the report and perform the mandatory pre-upgrade tasks, if any.

See Generating and Analyzing Pre-Upgrade Report for Oracle Identity Manager.

Required

Complete the necessary pre-upgrade tasks specific to Oracle Identity Manager.

See Completing the Pre-Upgrade Tasks for Oracle Identity Manager.

Required

Install Fusion Middleware Infrastructure 12c (12.2.1.3.0), Oracle SOA Suite12c (12.2.1.3.0) and Oracle Identity and Access Management12c (12.2.1.3.0) in the new Oracle home.

Install the following products in a new Oracle home on the same host as the 11g production deployment before you begin the upgrade.

  • Fusion Middleware Infrastructure 12c (12.2.1.3.0)

  • Oracle SOA Suite12c (12.2.1.3.0)

  • Oracle Identity and Access Management12c (12.2.1.3.0)

It is recommended that you use the simplified installation process to install the products mentioned above, using the quick installer. The quick installer installs the Infrastructure, Oracle SOA Suite, and Oracle Identity and Access Management 12c (12.2.1.3.0) in one go. See Installing Oracle Identity Governance Using Quick Installer in the Installing and Configuring Oracle Identity and Access Management.

The other option is to install these products separately using their respective installers. See Installing Product Distributions.

Optional

Run a pre-upgrade readiness check.

See Running a Pre-Upgrade Readiness Check.

Optional

Start the Repository Creation Utility (RCU) to create the required 12c database schemas.

This step is not required for non-SSL setup, as the Upgrade Assistant creates the necessary 12c schemas during the upgrade process.

For SSL enabled setup, you must run the RCU to create the necessary 12c schemas.

The schemas you create will vary depending on your existing schema configuration.

See Creating the Required 12c Schemas with the RCU.

Required

Tune the Database parameters for Oracle Identity Manager.

See Tuning Database Parameters for Oracle Identity Manager.

Required

Shut down the 11g servers. This includes the Administration Server, Managed Servers, Node Manager, and system components like Oracle HTTP Server.

Ensure that the Database is up during the upgrade.

WARNING: Failure to shut down your servers during an upgrade may lead to data corruption.

See Stopping Servers and Processes.

Required

Start the Upgrade Assistant to upgrade the 11g database schemas and to migrate all active (in flight) instance data.

See Upgrading Product Schemas.

NOTE: The upgrade of active instance data is started automatically when running the Upgrade Assistant. Once the data is successfully upgraded to the new 12c (12.2.1.3.0) environment, you can close the Upgrade Assistant. The closed instances will continue to upgrade through a background process.

Required

Tune the application module for Oracle Identity Manager.

See Tuning Application Module for User Interface.

Required

Start the Reconfiguration Wizard to reconfigure the domain.

During an upgrade, the Configuration Wizard is run in reconfiguration mode to update the existing domain to use the newly installed software.

See Reconfiguring the Domain Using the Reconfiguration Wizard.

Required

Start the Upgrade Assistant (again) to upgrade Oracle Identity Manager domain component configurations.

The Upgrade Assistant is used to update the reconfigured domain’s component configurations.

See Upgrading Domain Component Configurations.

Required

Start the servers.

See Starting the Servers.

Required

Upgrade the Oracle Identity Manager Design Console to 12c (12.2.1.3.0).

See Upgrading Oracle Identity Manager Design Console.

Optional

Perform the post-upgrade tasks for SSL enabled setup.

See Completing the Post-Upgrade Tasks for SSL Enabled Setup.

Optional

When you upgrade to Oracle Identity Governance 12c (12.2.1.3.0), the embedded Oracle BI Publisher present in the 11.1.2.3.0 deployment is removed. Therefore, you must install a new standalone Oracle BI Publisher 12c (12.2.1.3.0) post upgrade, and integrate it with Oracle Identity Governance 12c (12.2.1.3.0) to configure the Oracle Identity Governance reports.

See, Installing Standalone Oracle BI Publisher.

4.2 Generating and Analyzing Pre-Upgrade Report for Oracle Identity Manager

Run the pre-upgrade report utility before you begin the upgrade process for Oracle Identity Manager, and address all of the issues using the solution provided in the report.

The pre-upgrade report utility analyzes your existing Oracle Identity Manager environment, and provides information about the mandatory prerequisites that you must complete before you begin the upgrade.

Note:

Run this report until no pending issues are listed in the report. It is important to address all of the issues listed in the pre-upgrade report before you proceed with the upgrade, as the upgrade might fail if the issues are not resolved.

Ensure that the Database and the 11.1.2.3.0 Oracle Identity Manager servers are up and running before you run the pre-upgrade report utility.

Topics:

4.2.1 Obtaining the Pre-Upgrade Report Utility

Download the pre-upgrade report utility for Oracle Identity Manager from Oracle Technology Network (OTN).

The utility is available in a zip file named PreUpgradeReport.zip along with ReadMe.doc at the following location on My Oracle Support:

My Oracle Support document ID 2308933.1

The ReadMe.doc contains information about how to generate and analyze the pre-upgrade reports.

4.2.2 Generating the Pre-Upgrade Report

Generate the pre-upgrade report before you start with the upgrade process for Oracle Identity Manager, and resolve the issues listed in the report.

To generate the pre-upgrade report for Oracle Identity Manager, complete the following steps:

  1. Create a new directory at any location and extract the contents of PreUpgradeReport.zip.001 and PreUpgradeReport.zip.002 in the newly created directory.
  2. Create a directory where the pre-upgrade reports need to be generated. For example, name the directory OIM_preupgrade_reports.
  3. Go to the directory where you extracted the zip files PreUpgradeReport.zip.001 and PreUpgradeReport.zip.002, and open the preupgrade_report_input.properties file in a text editor. Update the properties file with the appropriate values for the parameters listed in Table 4-2

    Table 4-2 Paramaters to be Specified in the preupgrade_report_input.properties File

    Parameter Description
    oim.mwhome Specify the absolute path to the Middleware home. For example:

    /Oracle/Middleware

    oim.oimhome Specify the absolute path to the existing OIM home. For example:

    /Oracle/Middleware/Oracle_IDM1

    oim.javahome Specify the absolute path to the Java home. Ensure that you point to JAVA 8.
    oim.wlshome Specify the absolute path to the WebLogic Server home. For example:

    /Middleware/wlserver_10.3

    oim.domain Specify the absolute path to the Oracle Identity Manager domain home. For example:

    /Middleware/user_projects/domains/base_domain

    oim.oimhost Specify the hostname of Oracle Identity Manager .
    oim.oimport Specify the port of the Oracle Identity Manager server.
    oim.username Specify the Oracle Identity Manager username.
    oim.targetVersion Specify the target version of the Oracle Identity Manager, that is, 12.2.1.3.0.
    oim.jdbcurl Specify the JDBC URL for Oracle Identity Manager in one of the following formats:

    host:port/service_name

    or

    host:port:sid

    oim.oimschemaowner Specify the name of the OIM schema owner.
    oim.mdsjdbcurl Specify the MDS JDBC URL in the one of the following formats:

    host:port/service_name

    or

    host:port:sid

    oim.mdsschemaowner Specify the name of the MDS schema owner.
    oim.databaseadminname Specify the user with DBA privilege. For example, sys as sysdba.
    oim.outputreportfolder Specify the absolute path to the directory where you want the reports to be generated (OIM_preupgrade_reports).Ensure that this directory has read and write permissions.
  4. Run the following command from the location where you extracted the contents of PreUpgradeReport.zip.001 and PreUpgradeReport.zip.002.
    • On UNIX:

      sh generatePreUpgradeReport.sh

    • On Windows:

      generatePreUpgradeReport.bat

  5. Provide the details when the following are prompted:
    • OIM Schema Password: Enter the password of the Oracle Identity Manager (OIM) schema.
    • MDS Schema Password: Enter the password of the Metadata Services (MDS) schema.
    • DBA Password: Enter the password of the Database Administrator.
    • OIM Admin Password: Enter the password of the Oracle Identity Manager Administrator.
  6. The reports are generated as HTML pages at the location you specified for the parameter oim.outputreportfolder in the preupgrade_report_input.properties file. The logs are stored in the log file preUpgradeReport<time>.log in the folder logs at the same location.

4.2.3 Analyzing the Pre-Upgrade Report

After you generate the pre-upgrade report for Oracle Identity Manager, review each of the reports, and perform all of the tasks described in them. If you do not perform the mandatory tasks described in the report, the upgrade might fail.

Table 4-3 Pre-Upgrade Reports Generated for Oracle Identity Manager

Report Name Description and Action Item

Status of OIM System Property — XL.AllowedBackURLs

This report provides the status of the system property related to setting the back URLs in Oracle Identity Manager.

Changes to SCIM-JWT in 12c

This report lists the new SCIM urls published during 12c (12.2.1.3.0).

You must use the new URLs instead of the old ones.

Potential upgrade issues for User Defined Attributes

This report lists the potential issues with the User Defined Field (UDF) defined in Oracle Identity Manager 11.1.2.3.0 during upgrade.

Status of Mandatory Database Components

This report lists the installation status of the mandatory Database components which are required for upgrade.

Status of Mandatory deletion of OIM Authentication Jar(s)

This report lists the status of a few mandatory jars that need to be deleted before upgrade.

Full MDS Export of source environment

This report lists the details regarding the MDS backup taken prior to upgrade.

Customized Notification Templates status on source environment

This report lists all of the Out—of—the—box (OOTB) notification templates having customizations. These customizations will be over-written by OOTB values during upgrade.

OIM-OMSS Integration Pre-Upgrade Report

This report gives the deprecation information about the Oracle Mobile Security Services (OMSS) with Oracle Identity Manager in 12c (12.2.1.3.0).

Status of Domain Configuration

This report lists the application (if any) that are in stage mode.

Status of Mandatory DB Privilege

This report lists the missing mandatory database privileges that are required for upgrade.

Status of data associated with access policies

In 12c, access policies are associated with application instances instead of resource object. To handle the same, this report lists in-consistent data (if present) in the Oracle Identity Manager 11.1.2.3.0.

Application Management PreUpgrade Report

This report lists the errors or problems associated with the existing application in Oracle Identity Manager 11.1.2.3.0 setup, prior to moving it to Application on boarding functionality of 12c (12.2.1.3.0).

Authorization Policy backup of source environment

This report lists the details regarding the Oracle Identity Manager authorization policy backup taken prior to upgrade.

Information about Schedule Jobs against Schedule task named as OIM Data Purge Task on source environment

This report provides an important information regarding one of the schedule tasks which will be available after upgrade.

4.3 Completing the Pre-Upgrade Tasks for Oracle Identity Manager

Complete the pre-upgrade tasks described in this section before you upgrade Oracle Identity Manager.

Topics:

4.3.1 Updating Server Wallets to Remove MD5 Algorithm

If the existing keystore has a certificate which is invalid with the JDK that is used to install 12c (12.2.1.3.0) binaries, you must generate the keystore and place it in the DOMAIN_HOME/config/fmwconfig directory.

If the default keystore has MD5 algorithm, then the upgrade readiness check and the examine phase of OIM configuration upgrade will fail.

To verify the validity of the certificate, do the following:

  1. Check for the jdk.certpath.disabledAlgorithms property in the 12c_JAVA_HOME/jre/lib/security/java.security file.
    For example:

    jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

  2. Check for the certificate algorithm in the existing keystore by doing the following:
    1. For default keystore, DOMAIN_HOME/config/fmwconfig/default-keystore.jks, run the following command from the 12c_JAVA_HOME/jre/bin directory:
      ./keytool -list -v -keystore DOMAIN_HOME/config/fmwconfig/default-keystore.jks
      
      If you are using the custom keystores, that is, DOMAIN_HOME/config/fmwconfig/name_of_custom_store, run the following command from the 12c_JAVA_HOME/jre/bin directory:
      ./keytool -list -v -keystore DOMAIN_HOME/config/fmwconfig/custom_keystore.jks
      

      This command displays the keystore data. Enter the keystore password when prompted.

    2. Check for the Signature algorithm name field value in the output of the above command. If the value of Signature algorithm name field and the jdk.certpath.disabledAlgorithms property has MD5 algorithm, then the given keystore will not be valid after upgrade.
      If the keystore is not valid after upgrade, the following error in seen in the server logs while executing the request use cases after upgrade, and none of the request use cases will be successful:
      Caused by: java.security.cert.CertPathValidatorException: Algorithm 
      constraints check failed: MD5withRSA 
      
  3. Generate the keystore by running the following commands:

    Note:

    The following commands can be used to generate both default keystore and custom keystores.

    • ./keytool —genkeypair —keystore new_keystore_location/new_keystore_name.jks —keyalg supported_algorithm_name -sigalg SHA256withRSA —validity validity_period —keypass key_password —storepass keystore_password —alias xell —dname vaild_name —keysize key_size
      

      For example:

      ./keytool -genkeypair -keystore /scratch/default-keystore.jks -keyalg RSA -sigalg SHA256withRSA -validity 3600 -keypass Welcome1 -storepass Welcome1 -alias xell -dname "CN=oimhost,OU=Identity,O=ABC,C=XX" -keysize 2048
      
    • ./keytool —exportcert —keystore new_keystore_location/new_keystore_name.jks -rfc -file new_keystore_location/certificate_name.cer
      

      For example:

      ./keytool -exportcert -keystore /scratch/default-keystore.jks -v -alias xell -storepass Welcome1 -rfc -file /scratch/cert.cer
      
    • ./keytool —importcert —keystore new_keystore_location/new_keystore_name.jks -alias xeltrusted -file new_keystore_location/certificate_name.cer -storepass keystore_password
      

      Click Yes to confirm the action.

      For example:

      ./keytool -importcert -keystore /scratch/default-keystore.jks -alias xeltrusted -file /scratch/cert.cer -storepass Welcome1
      
  4. Import the newly generated keystore into the existing keystore DOMAIN_HOME/config/fmwconfig/default-keystore.jks by running the following command:
    ./keytool —importkeystore —srckeystore new_keystore_location/new_keystore_name.jks -destkeystore DOMAIN_HOME/config/fmwconfig/default-keystore.jks -srcstorepass source_keystore_password -deststorepass destination_keystore_password -noprompt
    

    For example:

    ./keytool -importkeystore -srckeystore /scratch/default-keystore.jks -destkeystore domain_home/config/fmwconfig/default-keystore.jks -srcstorepass Welcome1 -deststorepass Welcome1 -noprompt
    
  5. Log in to Enterprise Manager console and update the xell named CSF key under oim map, with the password value which is used above to generate the new key in keystore. In the above example, the password used is Welcome1.

Note:

For more information about using the keytool command, see keytool in the Java Platform, Standard Edition Tools Reference.

Note:

The procedure described in this section for regenerating the default-keystore.jks or custom keystore includes self-signed certificates. If CA signed certificate is required, follow the standard process for the same, that is, generate the CSR and import the signed certificates in the keystore.

During bootstrap process in OIM, the default-keystore.jks keystore will be configured in Keystore Service (KSS) out-of-the-box. In case of custom keystore,upload the given custom keystore to KSS after completing the upgrade. After you upload the given custom keystore to KSS, restart the servers.

For more information about the Keystore Service commands, see OPSS Keystore Service Commands in WLST Command Reference for Infrastructure Security.

4.3.2 Updating DB Wallets to Remove MD5 Algorithm (For SSL Enabled Setup)

If you have SSL enabled setup, update all of the DB wallets to remove any MD5 algorithms, as 12c uses JDK 8 which does not support MD5 algorithm.

To update the DB wallet, do the following:
  1. Create an Oracle Wallet with default trusted certificate using the following command:
    ./orapki wallet create -wallet <trust_wallet_name> -pwd password 
    For example:

    ./orapki wallet create -wallet trust_wallet.p12 -pwd welcome1

  2. Add a self-signed certificate in the wallet with the distinguished name (DN) as CN=root_test,C=US using the following command:
    ./orapki wallet add -wallet trust_wallet_name -dn ‘dn_name’-keysize 2048 -sign_alg sha256  -self_signed -validity 3650 -pwd password_of_wallet
    For example:

    ./orapki wallet add -wallet trust_wallet.p12 -dn 'CN=root_test,C=US' -keysize 2048 -sign_alg sha256 -self_signed -validity 3650 -pwd welcome1

  3. Export the self-signed trust certificate from the Oracle wallet to use it to sign other certificates, using the following command:
    ./orapki wallet export -wallet trust_wallet_name -dn 'dn_name' -cert trust_cert_file_name -pwd password_of_wallet
    For example:

    ./orapki wallet export -wallet trust_wallet.p12 -dn 'CN=root_test,C=US' -cert wallet_trusted.cert -pwd welcome1 

  4. You already have an Oracle Wallet with User Certificate identified. The user wallet is, DB_HOME/bin/user_wallet.p12. The DN of this user certificate is CN=Customer,OU=Customer,O=Customer,L=City,ST=NY,C=US. Remove the existing user certificate from this wallet using the following command:
    ./orapki wallet  remove -wallet user_wallet_name -pwd password_of_existing_wallet -dn 'DN_name' -user_cert
    For example:

    ./orapki wallet remove -wallet user_wallet.p12 -pwd welcome1 -dn ' CN=Customer,OU=Customer,O=Customer,L=City,ST=NY,C=US ' -user_cert

  5. You already have an Oracle Wallet with Requested Certificate identified. The user wallet is, DB_HOME/bin/user_wallet.p12. The DN of this requested certificate is CN=Customer,OU=Customer,O=Customer,L=City,ST=NY,C=US. Remove the existing requested certificate from this wallet using the following command:
    ./orapki wallet  remove -wallet user_wallet_name -dn 'DN_name' —cert_req -pwd password_of_existing_wallet
    For example:

    ./orapki wallet remove -wallet user_wallet.p12 -dn 'CN=Customer,OU=Customer,O=Customer,L=City,ST=NY,C=US' -cert_req -pwd welcome1 

  6. You already have an Oracle Wallet with Trust Certificate identified. The user wallet is, DB_HOME/bin/user_wallet.p12. The DN of this trust certificate is CN=root_test,C=US. Remove the existing trust certificate from this wallet using the following command:
    ./orapki  wallet  remove  -wallet user_wallet_name -pwd password-of-existing_wallet  -dn  'DN_name' -trusted_cert 
    For example:

    ./orapki wallet remove ¿wallet user_wallet.p12 -pwd welcome1 -dn  ' CN=root_test,C=US' -trusted_cert

  7. Add a user certificate in the existing user wallet with a distinguished name as CN=Customer,OU=Customer,O=Customer,L=City,ST=NY,C=US using the following command:
    ./orapki wallet add -wallet user_wallet_name -dn ‘dn_name’ -keysize 2048 -sign_alg sha256 -pwd password_of_existing_wallet
    For example:

    ./orapki wallet add —wallet user_wallet.p12 -dn ‘CN=Customer,OU=Customer,O=Customer,L=City,ST=NY,C=US’ -keysize 2048 -sign_alg sha256 -pwd welcome1

  8. Export the user certificate request to a file using the following command:
    ./orapki wallet export -wallet user_wallet_name -dn ‘dn_name’ —request CSR_file_name -pwd password_of_existing_wallet 
    For example:

    ./orapki wallet export -wallet user_wallet.p12 -dn 'CN=Customer,OU=Customer,O=Customer,L=City,ST=NY,C=US' -request server_creq.csr -pwd welcome1

  9. Sign the user certificate request using the trusted wallet that was created above, using the following command:
    ./orapki cert create -wallet trusted_wallet_name-request CSR_file_name -cert user_cert_file_name sign_alg sha256 -pwd password_of_exiting_user_wallet
    For example:

    ./orapki cert create -wallet trust_wallet.p12 -request server_creq.csr -cert wallet_user.cert  -sign_alg sha256 - validity 3650  -pwd welcome1

  10. Add the trusted certificate wallet_trusted.cert that you created using the above procedure to the wallet, by running the following command:
    ./orapki wallet add -wallet user_wallet_name -trusted_cert -cert trust_cert_file_name  -pwd password_of_exiting_user_wallet 
    For example:

    ./orapki wallet add -wallet user_wallet.p12 -trusted_cert -cert wallet_trusted.cert -pwd  welcome1

  11. Add the signed user certificate to the Oracle wallet using the following command:
    ./orapki wallet add -wallet user_wallet -user_cert -cert user_cert_file_name -pwd password_of_exiting_user_wallet
    ./orapki wallet add ¿wallet user_wallet.p12 -user_cert -cert wallet_user.cert -pwd welcome1
  12. Remove the DB trusted certificate from server keystore. In case of demo identity and demo trust, remove from default-keystore.jks, and in case of custom identity and custom trust, remove it from the custom trust keystore, using the following command:
    ./keytool -delete -alias alias_of_db_cert -keystore custom_trust_store -storepass password-of-existing-trust-keystore
    For example:

    ./keytool -delete -alias dbtrusted -keystore DOMAIN_HOME/config/fmwconfig/custom_trust_store.jks -storepass welcome1

  13. Import self signed DB certifiacte in trust wallet using the following command:
    keytool -import -trustcacerts -alias <alias_of_db_cert>  -noprompt -keystore custom_trust_store -file DB_Trust_cert_file —storepass password_of_existing_trust_keystore 
    For example:

    keytool -import -trustcacerts -alias dbtrusted -noprompt -keystore DOMAIN_HOME/config/fmwconfig/custom_trust_store.jks -file /DB_HOME/bin/wallet_trusted.cert -storepass welcome

4.3.3 Verifying the Memory Settings

To avoid the memory issues for Oracle Identity Manager, ensure that the memory settings are updated as per the requirements.

On Linux, do the following:
  1. Ensure that you set the following parameters in the /etc/security/limits.conf file, to the specified values:
    FUSION_USER_ACCOUNT soft nofile 32767
    FUSION_USER_ACCOUNT hard nofile 327679
    
  2. Ensure that you set UsePAM to Yes in the /etc/ssh/sshd_config file.
  3. Restart sshd.
  4. Log out (or reboot) and log in to the system again.

Note:

Before you start the Oracle Identity Governance 12c Server, post upgrade, run the following command to increase the limit of open files, so that you do not run into memory issues:

limit maxproc 16384

4.3.4 Opening the Non-SSL Ports for SSL Enabled Setup

If you have an SSL enabled and non-SSL disabled setup, you must open the non-SSL ports for Servers and Database before you proceed with the Oracle Identity Manager upgrade.

4.4 Installing Product Distributions

Before beginning your upgrade, download Oracle Fusion Middleware Infrastructure, Oracle SOA Suite, and Oracle Identity and Access Management 12c (12.2.1.3.0) distributions on the target system and install them using Oracle Universal Installer.

Note:

When Infrastructure is required for the upgrade, you must install the Oracle Fusion Middleware distribution first before you install other Fusion Middleware products.

It is recommended that you use the simplified installation process to install the products mentioned above, using the quick installer (fmw_12.2.1.3.0_idmquickstart_generic.jar). The quick installer installs the Infrastructure, Oracle SOA Suite, and Oracle Identity and Access Management 12c (12.2.1.3.0) in one go.

See Installing Oracle Identity Governance Using Quick Installer in the Installing and Configuring Oracle Identity and Access Management.

The other option is to install the required product distributions — Infrastructure, Oracle SOA Suite, and OraOracle Identity and Access Management 12c (12.2.1.3.0) separately. To do this, complete the following steps:

  1. Sign in to the target system.
  2. Download the following from Oracle Technology Network or Oracle Software Delivery Cloud to your target system:
    • Oracle Fusion Middleware Infrastructure (fmw_12.2.1.3.0_infrastructure_generic.jar)
    • Oracle SOA Suite (fmw_12.2.1.3.0_soa_generic.jar)
    • Oracle Identity and Access Management (fmw_12.2.1.3.0_idm_generic.jar)
  3. Change to the directory where you downloaded the 12c (12.2.1.3.0) product distribution.
  4. Start the installation program for Oracle Fusion Middleware Infrastructure:
    • (UNIX) JDK_HOME/bin/java -jar fmw_12.2.1.3.0_infrastructure_generic.jar
    • (Windows) JDK_HOME\bin\java -jar fmw_12.2.1.3.0_infrastructure_generic.jar
  5. On UNIX operating systems, the Installation Inventory Setup screen appears if this is the first time you are installing an Oracle product on this host.
    Specify the location where you want to create your central inventory. Make sure that the operating system group name selected on this screen has write permissions to the central inventory location, and click Next.

    Note:

    The Installation Inventory Setup screen does not appear on Windows operating systems.
  6. On the Welcome screen, review the information to make sure that you have met all the prerequisites. Click Next.
  7. On the Auto Updates screen, select an option:
    • Skip Auto Updates: If you do not want your system to check for software updates at this time.

    • Select patches from directory: To navigate to a local directory if you downloaded patch files.

    • Search My Oracle Support for Updates: To automatically download software updates if you have a My Oracle Support account. You must enter Oracle Support credentials then click Search. To configure a proxy server for the installer to access My Oracle Support, click Proxy Settings. Click Test Connection to test the connection.

    Click Next.
  8. On the Installation Location screen, specify the location for the Oracle home directory and click Next.
    For more information about Oracle Fusion Middleware directory structure, see Understanding Directories for Installation and Configuration in Oracle Fusion Middleware Planning an Installation of Oracle Fusion Middleware.
  9. On the Installation Type screen, select the following:
    • For Infrastructure, select Fusion Middleware Infrastructure
    • For Oracle SOA Suite, select Oracle SOA Suite
    • For Oracle Identity and Access Management, select Oracle Identity and Access Management
    Click Next.
  10. The Prerequisite Checks screen analyzes the host computer to ensure that the specific operating system prerequisites have been met.
    To view the list of tasks that are verified, select View Successful Tasks. To view log details, select View Log. If any prerequisite check fails, then an error message appears at the bottom of the screen. Fix the error and click Rerun to try again. To ignore the error or the warning message and continue with the installation, click Skip (not recommended).
  11. On the Installation Summary screen, verify the installation options that you selected.
    If you want to save these options to a response file, click Save Response File and enter the response file location and name. The response file collects and stores all the information that you have entered, and enables you to perform a silent installation (from the command line) at a later time.

    Click Install to begin the installation.

  12. On the Installation Progress screen, when the progress bar displays 100%, click Finish to dismiss the installer, or click Next to see a summary.
  13. The Installation Complete screen displays the Installation Location and the Feature Sets that are installed. Review this information and click Finish to close the installer.
  14. After you have installed Oracle Fusion Middleware Infrastructure, enter the following command to start the installer for your product distribution and repeat the steps above to navigate through the installer screens:

    For installing Oracle SOA Suite 12c (12.2.1.3.0), run the following installer:

    • (UNIX) JDK_HOME/bin/java —jar fmw_12.2.1.3.0_soa_generic.jar

    • (Windows) JDK_HOME\bin\java -jar fmw_12.2.1.3.0_soa_generic.jar

    For installing Oracle Identity and Access Management 12c (12.2.1.3.0), run the following installer:

    • (UNIX) JDK_HOME/bin/java -jar fmw_12.2.1.3.0_idm_generic.jar

    • (Windows) JDK_HOME\bin\java -jar fmw_12.2.1.3.0_idm_generic.jar

    Note:

    For more information about installing Oracle Identity and Access Management 12c (12.2.1.3.0), see Installing the Oracle Identity and Access Management Software in the Installing and Configuring Oracle Identity and Access Management.

4.5 Running a Pre-Upgrade Readiness Check

To identify potential issues with the upgrade, Oracle recommends that you run a readiness check before you start the upgrade process. Be aware that the readiness check may not be able to discover all potential issues with your upgrade. An upgrade may still fail, even if the readiness check reports success.

Topics:

4.5.1 About Running a Pre-Upgrade Readiness Check

You can run the Upgrade Assistant in -readiness mode to detect issues before you perform the actual upgrade. You can run the readiness check in GUI mode using the Upgrade Assistant or in silent mode using a response file.

The Upgrade Assistant readiness check performs a read-only, pre-upgrade review of your Fusion Middleware schemas and WebLogic domain configurations that are at a supported starting point. The review is a read-only operation.

The readiness check generates a formatted, time-stamped readiness report so you can address potential issues before you attempt the actual upgrade. If no issues are detected, you can begin the upgrade process. Oracle recommends that you read this report thoroughly before performing an upgrade.

You can run the readiness check while your existing Oracle Fusion Middleware domain is online (while other users are actively using it) or offline.

You can run the readiness check any number of times before performing any actual upgrade. However, do not run the readiness check after an upgrade has been performed, as the report results may differ from the result of pre-upgrade readiness checks.

Note:

To prevent performance from being affected, Oracle recommends that you run the readiness check during off-peak hours.

4.5.2 Starting the Upgrade Assistant in Readiness Mode

Use the -readiness parameter to start the Upgrade Assistant in readiness mode.

To perform a readiness check on your pre-upgrade environment with the Upgrade Assistant:
  1. Go to the oracle_common/upgrade/bin directory:
    • (UNIX) NEW_ORACLE_HOME/oracle_common/upgrade/bin
    • (Windows) NEW_ORACLE_HOME\oracle_common\upgrade\bin
  2. Start the Upgrade Assistant.
    • (UNIX) ./ua -readiness
    • (Windows) ua.bat -readiness

    Note:

    If the DISPLAY environment variable is not set up properly to allow for GUI mode, you may encounter the following error:
    Xlib: connection to ":1.0" refused by server
    Xlib: No protocol specified 
    

    To resolve this issue, set the DISPLAY environment variable to the system name or IP address of your local workstation, and rerun Upgrade Assistant.

    If you continue to receive these errors after setting DISPLAY, try launching another GUI tool, such as vncconfig. If you see the same errors, your DISPLAY environment variable may still not be set correctly.

    For information about other parameters that you can specify on the command line, see:

Topics:

4.5.2.1 Upgrade Assistant Parameters

When you start the Upgrade Assistant from the command line, you can specify additional parameters.

Table 4-4 Upgrade Assistant Command-Line Parameters

Parameter Required or Optional Description

-readiness

Required for readiness checks

Note: Readiness checks cannot be performed on standalone installations (those not managed by the WebLogic Server).

Performs the upgrade readiness check without performing an actual upgrade.

Schemas and configurations are checked.

Do not use this parameter if you have specified the -examine parameter.

-threads

Optional

Identifies the number of threads available for concurrent schema upgrades or readiness checks of the schemas.

The value must be a positive integer in the range 1 to 8. The default is 4.

-response

Required for silent upgrades or silent readiness checks

Runs the Upgrade Assistant using inputs saved to a response file generated from the data that is entered when the Upgrade Assistant is run in GUI mode. Using this parameter runs the Upgrade Assistant in silent mode (without displaying Upgrade Assistant screens).

-examine

Optional

Performs the examine phase but does not perform an actual upgrade.

Do not specify this parameter if you have specified the -readiness parameter.

-logLevel attribute

Optional

Sets the logging level, specifying one of the following attributes:

  • TRACE

  • NOTIFICATION

  • WARNING

  • ERROR

  • INCIDENT_ERROR

The default logging level is NOTIFICATION.

Consider setting the -logLevel TRACE attribute to so that more information is logged. This is useful when troubleshooting a failed upgrade. The Upgrade Assistant's log files can become very large if -logLevel TRACE is used.

-logDir location

Optional

Sets the default location of upgrade log files and temporary files. You must specify an existing, writable directory where the Upgrade Assistant creates log files and temporary files.

The default locations are:

(UNIX)

NEW_ORACLE_HOME/oracle_common/upgrade/logs
NEW_ORACLE_HOME/oracle_common/upgrade/temp

(Windows)

NEW_ORACLE_HOME\oracle_common\upgrade\logs
NEW_ORACLE_HOME\oracle_common\upgrade\temp

-help

Optional

Displays all of the command-line options.

4.5.3 Performing a Readiness Check with the Upgrade Assistant

Navigate through the screens in the Upgrade Assistant to complete the pre-upgrade readiness check.

Readiness checks are performed only on schemas or component configurations that are at a supported upgrade starting point.
To complete the readiness check:
  1. On the Welcome screen, review information about the readiness check. Click Next.
  2. On the Readiness Check Type screen, select the readiness check that you want to perform:
    • Individually Selected Schemas allows you to select individual schemas for review before upgrade. The readiness check reports whether a schema is supported for an upgrade or where an upgrade is needed.

      When you select this option, the screen name changes to Selected Schemas.

    • Domain Based allows the Upgrade Assistant to discover and select all upgrade-eligible schemas or component configurations in the domain specified in the Domain Directory field.

      When you select this option, the screen name changes to Schemas and Configuration.

      Leave the default selection if you want the Upgrade Assistant to check all schemas and component configurations at the same time, or select a specific option:
      • Include checks for all schemas to discover and review all components that have a schema available to upgrade.

      • Include checks for all configurations to review component configurations for a managed WebLogic Server domain.

    Click Next.

  3. If you selected Individually Selected Schemas: On the Available Components screen, select the components that have a schema available to upgrade for which you want to perform a readiness check.
    If you selected Domain Based: On the Component List screen, review the list of components that are present in your domain for which you want to perform a readiness check.
    If you select a component that has dependent components, those components are automatically selected. For example, if you select Oracle Platform Security Services, Oracle Audit Services is automatically selected.

    Depending on the components you select, additional screens may display. For example, you may need to:

    • Specify the domain directory.

      Ensure that you specify the 11.1.2.3.0 domain directory.

    • Specify schema credentials to connect to the selected schema: Database Type, DBA User Name, and DBA Password. Then click Connect.

      Note:

      Oracle database is the default database type. Make sure that you select the correct database type before you continue. If you discover that you selected the wrong database type, do not go back to this screen to change it to the correct type. Instead, close the Upgrade Assistant and restart the readiness check with the correct database type selected to ensure that the correct database type is applied to all schemas.
    • Select the Schema User Name option and specify the Schema Password.

    Click Next to start the readiness check.
  4. On the Readiness Summary screen, review the summary of the readiness checks that will be performed based on your selections.
    If you want to save your selections to a response file to run the Upgrade Assistant again later in response (or silent) mode, click Save Response File and provide the location and name of the response file. A silent upgrade performs exactly the same function that the Upgrade Assistant performs, but you do not have to manually enter the data again.
    For a detailed report, click View Log.
    Click Next.
  5. On the Readiness Check screen, review the status of the readiness check. The process can take several minutes.
    If you are checking multiple components, the progress of each component displays in its own progress bar in parallel.
    When the readiness check is complete, click Continue.
  6. On the End of Readiness screen, review the results of the readiness check (Readiness Success or Readiness Failure):
    • If the readiness check is successful, click View Readiness Report to review the complete report. Oracle recommends that you review the Readiness Report before you perform the actual upgrade even when the readiness check is successful. Use the Find option to search for a particular word or phrase within the report. The report also indicates where the completed Readiness Check Report file is located.

    • If the readiness check encounters an issue or error, click View Log to review the log file, identify and correct the issues, and then restart the readiness check. The log file is managed by the command-line options you set.

4.5.4 Understanding the Readiness Report

After performing a readiness check for your domain, review the report to determine whether you need to take any action for a successful upgrade.

The format of the readiness report file is:

readiness_timestamp.txt

where timestamp indicates the date and time of when the readiness check was run.

A readiness report contains the following information:

Table 4-5 Readiness Report Elements

Report Information Description Required Action
Overall Readiness Status: SUCCESS or FAILURE The top of the report indicates whether the readiness check passed or completed with one or more errors. If the report completed with one or more errors, search for FAIL and correct the failing issues before attempting to upgrade. You can re-run the readiness check as many times as necessary before an upgrade.

Timestamp

The date and time that the report was generated.

No action required.

Log file location

NEW_ORACLE_HOME/oracle_common/upgrade/logs

The directory location of the generated log file.

No action required.

Readiness report location

NEW_ORACLE_HOME/oracle_common/upgrade/logs

The directory location of the generated readiness report.

No action required.

Names of components that were checked

The names and versions of the components included in the check and status.

If your domain includes components that cannot be upgraded to this release, such as SOA Core Extension, do not attempt an upgrade.

Names of schemas that were checked

The names and current versions of the schemas included in the check and status.

Review the version numbers of your schemas. If your domain includes schemas that cannot be upgraded to this release, do not attempt an upgrade.

Individual Object Test Status: FAIL

The readiness check test detected an issue with a specific object.

Do not upgrade until all failed issues have been resolved.

Individual Object Test Status: PASS

The readiness check test detected no issues for the specific object.

If your readiness check report shows only the PASS status, you can upgrade your environment. Note, however, that the Readiness Check cannot detect issues with externals such as hardware or connectivity during an upgrade. You should always monitor the progress of your upgrade.

Completed Readiness Check of <Object> Status: FAILURE The readiness check detected one or more errors that must be resolved for a particular object such as a schema, an index, or datatype. Do not upgrade until all failed issues have been resolved.
Completed Readiness Check of <Object> Status: SUCCESS The readiness check test detected no issues. No action required.
Here is a sample Readiness Report file. Your report may not include all of these checks.
Upgrade readiness check completed with one or more errors.

This readiness check report was created on Tue May 30 11:15:52 EDT 2016
Log file is located at: NEW_ORACLE_HOME/oracle_common/upgrade/logs/ua2016-05-30-11-14-06AM.log
Readiness Check Report File: NEW_ORACLE_HOME/oracle_common/upgrade/logs/readiness2016-05-30-11-15-52AM.txt

Starting readiness check of components.

Oracle Metadata Services
   Starting readiness check of Oracle Metadata Services.
     Schema User Name: DEV11_MDS
     Database Type: Oracle Database
     Database Connect String: machinename@yourcompany.com
     VERSION Schema DEV11_MDS is currently at version 12.1.1.1.0.  Readiness checks will now be performed.
   Starting schema test:  TEST_REQUIRED_TABLES  Test that the schema contains all the required tables
   Completed schema test: TEST_REQUIRED_TABLES --> Test that the schema contains all the required tables +++ PASS
   Starting schema test:  TEST_REQUIRED_PROCEDURES  Test that the schema contains all the required stored procedures
     EXCEPTION     Schema is missing a required procedure: GETREPOSITORYFEATURES
   Completed schema test: TEST_REQUIRED_PROCEDURES --> Test that the schema contains all the required stored procedures +++ FAIL
   Starting schema test:  TEST_REQUIRED_VIEWS  Test that the schema contains all the required database views
   Completed schema test: TEST_REQUIRED_VIEWS --> Test that the schema contains all the required database views +++ PASS
   Starting index test for table MDS_ATTRIBUTES:  TEST_REQUIRED_INDEXES --> Test that the table contains all the required indexes
   Completed index test for table MDS_ATTRIBUTES: TEST_REQUIRED_INDEXES --> Test that the table contains all the required indexes +++ PASS
   Starting index test for table MDS_COMPONENTS:  TEST_REQUIRED_INDEXES --> Test that the table contains all the required indexes
   Completed index test for table MDS_TXN_LOCKS: TEST_REQUIRED_INDEXES --> Test that the table contains all the required indexes +++ PASS
   Starting schema test:  TEST_REQUIRED_TRIGGERS  Test that the schema has all the required triggers
   Completed schema test: TEST_REQUIRED_TRIGGERS --> Test that the schema has all the required triggers +++ PASS
   Starting schema test:  TEST_MISSING_COLUMNS  Test that tables and views are not missing any required columns
   Completed schema test: TEST_MISSING_COLUMNS --> Test that tables and views are not missing any required columns +++ PASS
   Starting schema test:  TEST_UNEXPECTED_TABLES  Test that the schema does not contain any unexpected tables
   Completed schema test: TEST_UNEXPECTED_TABLES --> Test that the schema does not contain any unexpected tables +++ PASS
   Starting schema test:  TEST_UNEXPECTED_PROCEDURES  Test that the schema does not contain any unexpected stored procedures
   Completed schema test: TEST_UNEXPECTED_PROCEDURES --> Test that the schema does not contain any unexpected stored procedures +++ PASS
   Starting schema test:  TEST_UNEXPECTED_VIEWS  Test that the schema does not contain any unexpected views
   Completed schema test: TEST_UNEXPECTED_VIEWS --> Test that the schema does not contain any unexpected views +++ PASS
   Starting index test for table MDS_ATTRIBUTES:  TEST_UNEXPECTED_INDEXES --> Test that the table does not contain any unexpected indexes
   Completed index test for table MDS_ATTRIBUTES: TEST_UNEXPECTED_INDEXES --> Test that the table does not contain any unexpected indexes +++ PASS
   Completed index test for table MDS_LABELS: TEST_UNEXPECTED_INDEXES --> Test that the table does not contain any unexpected indexes +++ PASS
   Starting index test for table MDS_LARGE_ATTRIBUTES:  TEST_UNEXPECTED_INDEXES --> Test that the table does not contain any unexpected indexes
   Starting schema test:  TEST_UNEXPECTED_TRIGGERS  Test that the schema does not contain any unexpected triggers
   Completed schema test: TEST_UNEXPECTED_TRIGGERS --> Test that the schema does not contain any unexpected triggers +++ PASS
   Starting schema test:  TEST_UNEXPECTED_COLUMNS  Test that tables and views do not contain any unexpected columns
   Completed schema test: TEST_UNEXPECTED_COLUMNS --> Test that tables and views do not contain any unexpected columns +++ PASS
   Starting datatype test for table MDS_ATTRIBUTES:  TEST_COLUMN_DATATYPES_V2 --> Test that all table columns have the proper datatypes
   Completed datatype test for table MDS_ATTRIBUTES: TEST_COLUMN_DATATYPES_V2 --> Test that all table columns have the proper datatypes +++ PASS
   Starting datatype test for table MDS_COMPONENTS:  TEST_COLUMN_DATATYPES_V2 --> Test that all table columns have the proper datatypes
   Starting permissions test:  TEST_DBA_TABLE_GRANTS  Test that DBA user has privilege to view all user tables
   Completed permissions test: TEST_DBA_TABLE_GRANTS --> Test that DBA user has privilege to view all user tables +++ PASS
   Starting schema test:  TEST_ENOUGH_TABLESPACE  Test that the schema tablespaces automatically extend if full
   Completed schema test: TEST_ENOUGH_TABLESPACE --> Test that the schema tablespaces automatically extend if full +++ PASS
   Starting schema test:  TEST_USER_TABLESPACE_QUOTA  Test that tablespace quota for this user is sufficient to perform the upgrade
   Completed schema test: TEST_USER_TABLESPACE_QUOTA --> Test that tablespace quota for this user is sufficient to perform the upgrade +++ PASS
   Starting schema test:  TEST_ONLINE_TABLESPACE  Test that schema tablespaces are online
   Completed schema test: TEST_ONLINE_TABLESPACE --> Test that schema tablespaces are online +++ PASS
   Starting schema test:  TEST_DATABASE_VERSION  Test that the database server version number is supported for upgrade
     INFO   Database product version: Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
   Completed schema test: TEST_DATABASE_VERSION --> Test that the database server version number is supported for upgrade +++ PASS
   Finished readiness check of Oracle Metadata Services with status: FAILURE.

If you are running the 12.1.3.0 version of Oracle Fusion Middleware IAU Schemas, and those schemas were upgraded from 11g (11.1.1.7 and later) or 12c (12.1.2.0), your readiness check may fail with the following error:

Note:

This is not applicable for Oracle Identity and Access Management.
Starting index test for table IAU_COMMON:  TEST_REQUIRED_INDEXES --> Test 
that the table contains all the required indexes 
     INFO Audit schema index DYN_EVENT_CATEGORY_INDEX in table IAU_COMMON is 
missing the required columns or index itself is missing. This maybe caused by 
a known issue, anyway, this missing index will be added in 12.2.2 upgrade. 
     INFO Audit schema index DYN_EVENT_TYPE_INDEX in table IAU_COMMON is 
missing the required columns or index itself is missing. This maybe caused by 
a known issue, anyway, this missing index will be added in 12.2.2 upgrade. 
     INFO Audit schema index DYN_TENANT_INDEX in table IAU_COMMON is missing 
the required columns or index itself is missing. This maybe caused by a known 
issue, anyway, this missing index will be added in 12.2.2 upgrade. 
     INFO Audit schema index DYN_USER_INDEX in table IAU_COMMON is missing 
the required columns or index itself is missing. This maybe caused by a known 
issue, anyway, this missing index will be added in 12.2.2 upgrade. 
     INFO Audit schema index DYN_COMPONENT_TYPE_INDEX in table IAU_COMMON is 
missing the required columns or index itself is missing. This maybe caused by 
a known issue, anyway, this missing index will be added in 12.2.2 upgrade. 
     INFO Audit schema index DYN_USER_TENANT_INDEX in table IAU_COMMON is 
missing the required columns or index itself is missing. This maybe caused by 
a known issue, anyway, this missing index will be added in 12.2.2 upgrade. 
   Completed index test for table IAU_COMMON: TEST_REQUIRED_INDEXES --> Test 
that the table contains all the required indexes +++ FAIL

Note:

You can ignore the missing index error in the readiness report. This is a known issue. The corresponding missing index is added during the schema upgrade operation. This error does not occur if the schema to be upgraded was created in 12c using the RCU.

4.6 Creating the Required 12c Schemas Using RCU (Optional)

When upgrading from 11g, you must create the required 12c schemas. You can use the Repository Creation Utility (RCU) to create customized schemas or, optionally, you can use the Upgrade Assistant to create schemas using the default schema settings. This procedure describes how to create schemas using the RCU. Information about using the Upgrade Assistant to create schemas is covered in the upgrade procedures.

Note:

This step is not required for non-SSL setup, as the Upgrade Assistant creates the necessary 12c schemas during the upgrade process.

For SSL enabled setup, you must run the RCU to create the necessary 12c schemas.

Note:

If you are upgrading from a previous 12c release of Oracle Fusion Middleware, you do not need to re-create these schemas if they already exist. Refer to the steps below to identify the existing schemas in your domain.

The following schemas must exist before you upgrade to 12c. If you are upgrading from 11g, and you are not sure which schemas you currently have, refer to the steps below to identify the existing schemas in your domain. You do not need to re-create these schemas if they already exist.

  • Service Table schema (prefix_STB). This schema is new in 12c and is required for domain-based upgrades. It stores basic schema configuration information (for example, schema prefixes and passwords) that can be accessed and used by other Oracle Fusion Middleware components during the domain creation. This schema is automatically created when you run the Repository Creation Utility (RCU), where you specify the existing schema owner prefix that you used for your other 11g schemas.

    Note:

    If the Service Table schema does not exist, you may encounter the error message UPGAST-00328 : The schema version registry table does not exist on this database. If that happens it is necessary to create the service table schema in order to run Upgrade Assistant

  • Oracle Platform Security Services (OPSS) schema (prefix_OPSS). This schema is required if you are using an OID-based security store in 11g. This schema is automatically created when you run the Repository Creation Utility (RCU). The only supported LDAP-based OPSS security store is Oracle Internet Directory (OID). An LDAP-based policy store is typically used in production environments. You do not need to reassociate an OID-based security store before upgrade. While the Upgrade Assistant is running, you can select the OPSS schema. The Upgrade Assistant upgrades the OID-based security store automatically.

    Note:

    The 12c OPSS database schema is required so that you can reference the 12c schema during the reconfiguration of the domain. Your domain continues to use the OID-based security store after the upgrade is complete.

To create the 12c schemas with the RCU:
  1. (Optional) If you are upgrading from 11g, and you wish to confirm the schemas which are present in your existing domain, then connect to the database as a user with DBA privileges, and run the following code from SQL*Plus:
    SET LINE 120
    COLUMN MRC_NAME FORMAT A14
    COLUMN COMP_ID FORMAT A20
    COLUMN VERSION FORMAT A12
    COLUMN STATUS FORMAT A9
    COLUMN UPGRADED FORMAT A8
    SELECT MRC_NAME, COMP_ID, OWNER, VERSION, STATUS, UPGRADED FROM SCHEMA_VERSION_REGISTRY ORDER BY MRC_NAME, COMP_ID ;
    
  2. Verify that a certified JDK already exists on your system by running java -version from the command line. For 12c (12.2.1.3.0), the certified JDK is 1.8.0_131 and later.
    Ensure that the JAVA_HOME environment variable is set to the location of the certified JDK. For example:
    • (UNIX) setenv JAVA_HOME /home/Oracle/Java/jdk1.8.0_131
    • (Windows) set JAVA_HOME=C:\home\Oracle\Java\jdk1.8.0_131
    Add $JAVA_HOME/bin to $PATH.
  3. Go to the oracle_common/bin directory:
    • (UNIX) NEW_ORACLE_HOME/oracle_common/bin
    • (Windows) NEW_ORACLE_HOME\oracle_common\bin
  4. Start the RCU:
    • (UNIX) ./rcu
    • (Windows) rcu.bat
  5. On the Welcome screen, click Next.
  6. On the Create Repository screen, select Create Repository and then select System Load and Product Load.
    If you do not have DBA privileges, select Prepare Scripts for System Load. This will generate a SQL script containing all the same SQL statements and blocks that would have been called if the RCU were to execute the actions for the selected components. After the script is generated, a user with the necessary SYS or SYSDBA privileges can execute the script to complete the system load phase.

    Click Next.

  7. On the Database Connection Details screen, select the Database Type and enter the connection information for the database that hosts the 11g schemas. See the pertinent table below.

    Table 4-6 Connection Credentials for Oracle Databases and Oracle Databases with Edition-Based Redefinition

    Option Description and Example
    Host Name

    Specify the name of the server where your database is running in the following format:

    examplehost.exampledomain.com

    For Oracle RAC databases, specify the VIP name or one of the node names in this field.

    Port

    Specify the port number for your database. The default port number for Oracle databases is 1521.

    Service Name

    Specify the service name for the database. Typically, the service name is the same as the global database name.

    For Oracle RAC databases, specify the service name of one of the nodes in this field. For example:

    orcl.mydomain.com

    Username Enter the user name for your database. The default user name is SYS.
    Password Enter the password for your database user.
    Role

    Select the database user's role from the drop-down list:

    Normal or SYSDBA

  8. On the Select Components screen, select Select existing prefix and select the prefix that was used to create the existing 11g schemas from the drop-down menu (for example, DEV11G). This prefix is used to logically group schemas together for use in this domain. Select the following schemas:
    • If you are upgrading an SSL enabled setup, select the following schemas:

      • User Messaging Service (prefix_UMS)

      • Weblogic Services (prefix_WLS)

      • Audit services (prefix_IAU_APPEND and prefix_IAU_VIEWER)

      Note:

      The Common Infrastructure Services (prefix_STB) is selected by default. IAU is greyed out if 11g is configured for Audit Data Store).

    • If you are upgrading a non-SSL enabled setup, select the following schemas:

      • Weblogic Services (prefix_WLS)

      • Audit services (prefix_IAU_APPEND and prefix_IAU_VIEWER)

      Note:

      The Common Infrastructure Services (prefix_STB) is selected by default. IAU is greyed out if 11g is configured for Audit Data Store).

    Note:

    The Common Infrastructure Services (prefix_STB) and Oracle Platform Security Services (prefix_OPSS) schemas are selected by default if they have not yet been created.

    Make a note of the prefix and schema names for the components you are installing as you will need this information when you configure the installation. Click Next.
  9. In the Checking Prerequisites dialog, verify that the prerequisites check is successful, then click OK.
  10. On the Schema Passwords screen, specify the passwords for your schema owners.
    Make a note of the passwords you enter on this screen as you will need this information while configuring your product installation.
  11. On the Map Tablespaces screen, configure the required tablespace mapping for the schemas you want to create.
    Click Next, then click OK in the confirmation dialog. When the progress dialog shows the tablespace creation is complete, click OK.
    You see the Encrypt Tablespace check box only if you have enabled Transparent Data Encryption (TDE) in the database (Oracle or Oracle EBR) when you start the RCU. Select the Encrypt Tablespace check box on the Map Tablespaces screen to encrypt all new tablespaces that the RCU creates.
  12. Verify the information on the Summary screen and click Create to begin schema creation.
    This screen contains information about the log files that were created from this RCU operation. Click on the name of a particular log file to view the contents of that file.
  13. Review the information on the Completion Summary screen to verify that the operation is completed successfully. Click Close to complete the schema creation.

4.7 Tuning Database Parameters for Oracle Identity Manager

Before you upgrade the schemas, you must tune the Database parameters for Oracle Identity Manager.

See Tuning Database Parameters for Oracle Identity Governance in Oracle Fusion Middleware Tuning Performance.

4.8 Stopping Servers and Processes

Before you run the Upgrade Assistant to upgrade your schemas and configurations, you must shut down all of the pre-upgrade processes and servers, including the Administration Server and any managed servers.

An Oracle Fusion Middleware environment can consist of an Oracle WebLogic Server domain, an Administration Server, multiple managed servers, Java components, system components such as Identity Management components, and a database used as a repository for metadata. The components may be dependent on each other, so they must be stopped in the correct order.

Note:

The procedures in this section describe how to stop the existing, pre-upgrade servers and processes using the WLST command-line utility or a script. You can also use the Oracle Fusion Middleware Control and the Oracle WebLogic Server Administration Console. See Starting and Stopping Administration and Managed Servers and Node Manager.

Note:

Stop all of the servers in your deployment, except for the Database. The Database must be up during the upgrade process.

To stop your pre-upgrade Fusion Middleware environment, navigate to the pre-upgrade domain and follow the steps below.

Step 1: Stop System Components

To stop system components, such as Oracle HTTP Server, use the opmnctl script:

  • (UNIX) OHS_INSTANCE_HOME/bin/opmnctl stopall

  • (Windows) OHS_INSTANCE_HOME\bin\opmnctl stopall

You can stop system components in any order.

Step 2: Stop the Managed Servers

To stop a WebLogic Server Managed Server, use the stopManagedWebLogic script:

  • (UNIX) EXISTING_DOMAIN_HOME/bin/stopManagedWebLogic.sh managed_server_name admin_url

  • (Windows) EXISTING_DOMAIN_HOME\bin\stopManagedWebLogic.cmd managed_server_name admin_url

When prompted, enter your user name and password.

Step 3: Stop the Administration Server

When you stop the Administration Server, you also stop the processes running in the Administration Server, including the WebLogic Server Administration Console and Fusion Middleware Control.

To stop the Administration Server, use the stopWebLogic script:

  • (UNIX) EXISTING_DOMAIN_HOME/bin/stopWebLogic.sh

  • (Windows) EXISTING_DOMAIN_HOME\bin\stopWebLogic.cmd

When prompted, enter your user name, password, and the URL of the Administration Server.

Step 4: Stop Node Manager

To stop Node Manager, close the command shell in which it is running.

Alternatively, after having set the nodemanager.properties attribute QuitEnabled to true (the default is false), you can use WLST to connect to Node Manager and shut it down. See stopNodeManager in WLST Command Reference for WebLogic Server.

4.9 Upgrading Product Schemas

After stopping servers and processes, use the Upgrade Assistant to upgrade supported product schemas to the current release of Oracle Fusion Middleware.

The Upgrade Assistant allows you to upgrade individually selected schemas or all schemas associated with a domain. The option you select determines which Upgrade Assistant screens you will use.

Topics:

4.9.1 Applying One-Off Patch Before Upgrading Schemas

Before you upgrade the existing schemas, apply the one off patch 24615124.

You can download the one-off patch 24615124 from My Oracle Support. To do this, go to My Oracle Support and search for patch # 24615124.

4.9.2 Identifying Existing Schemas Available for Upgrade

This optional task enables you to review the list of available schemas before you begin the upgrade by querying the schema version registry. The registry contains schema information such as version number, component name and ID, date of creation and modification, and custom prefix.

You can let the Upgrade Assistant upgrade all of the schemas in the domain, or you can select individual schemas to upgrade. To help decide, follow these steps to view a list of all the schemas that are available for an upgrade:

  1. If you are using an Oracle database, connect to the database by using an acount that has Oracle DBA privileges, and run the following from SQL*Plus:

    SET LINE 120
    COLUMN MRC_NAME FORMAT A14
    COLUMN COMP_ID FORMAT A20
    COLUMN VERSION FORMAT A12
    COLUMN STATUS FORMAT A9
    COLUMN UPGRADED FORMAT A8
    SELECT MRC_NAME, COMP_ID, OWNER, VERSION, STATUS, UPGRADED FROM SCHEMA_VERSION_REGISTRY ORDER BY MRC_NAME, COMP_ID;
    
    
  2. Examine the report that is generated.

    If an upgrade is not needed for a schema, the schema_version_registry table retains the schema at its pre-upgrade version.

  3. Note the schema prefix name that was used for your existing schemas. You will use the same prefix when you create new 12c schemas.

Notes:

  • If your existing schemas are not from a supported version, then you must upgrade them to a supported version before using the 12c (12.2.1.3.0) upgrade procedures. Refer to your pre-upgrade version documentation for more information.

  • Some components, such as Oracle Enterprise Data Quality, Oracle GoldenGate Monitor, and Oracle GoldenGate Veridata, support an upgrade from versions other than the standard Oracle Fusion Middleware supported versions.

  • If you used an OID-based policy store in 11g, make sure to create a new OPSS schema before you perform the upgrade. After the upgrade, the OPSS schema remains an LDAP-based store.

  • You can only upgrade schemas for products that are available for upgrade in Oracle Fusion Middleware release 12c (12.2.1.3.0). Do not attempt to upgrade a domain that includes components that are not yet available for upgrade to 12c (12.2.1.3.0).

4.9.3 Starting the Upgrade Assistant

Run the Upgrade Assistant to upgrade product schemas, domain component configurations, or standalone system components to 12c (12.2.1.3.0). Oracle recommends that you run the Upgrade Assistant as a non-SYSDBA user, completing the upgrade for one domain at a time.

To start the Upgrade Assistant:

Note:

Before you start the Upgrade Assistant, make sure that the JVM character encoding is set to UTF-8 for the platform on which the Upgrade Assistant is running. If the character encoding is not set to UTF-8, then you will not be able to download files containing Unicode characters in their names. This can cause the upgrade to fail.

To ensure that UTF-8 is used by the JVM, use the JVM option -Dfile.encoding=UTF-8.

  1. Go to the oracle_common/upgrade/bin directory:
    • (UNIX) NEW_ORACLE_HOME/oracle_common/upgrade/bin
    • (Windows) NEW_ORACLE_HOME\oracle_common\upgrade\bin
  2. Start the Upgrade Assistant:
    • (UNIX) ./ua
    • (Windows) ua.bat

Note:

In the above command, NEW_ORACLE_HOME refers to the 12c Oracle Home.

For information about other parameters that you can specify on the command line, such as logging parameters, see:

4.9.4 Upgrading Oracle Identity Manager Schemas Using the Upgrade Assistant

Navigate through the screens in the Upgrade Assistant to upgrade the product schemas.

Note:

  • If the pre-upgrade environment has Audit schema (IAU), you must first upgrade Audit schema only, using the Individually Selected Schema option on the Selected Schemas screen, and selecting Oracle Audit Services schema. Ensure that you select the appropriate IAU schema from the list of available IAU schemas. The upgrade assistant will not detect the corresponding IAU schema from the provided domain directory automatically. Hence, you must select it manually. Once the IAU schema is upgraded, run the Upgrade Assistant again to upgrade the remaining schemas using the All Schema Used by a domain option on the Selected Schemas screen.

  • If there is no Audit schema (IAU) in your pre-upgrade environment, use the All Schema Used by a Domain option on the Selected Schemas screen and proceed.

  • To check whether the pre-upgrade environment has the IAU schema, run the following SQL command using the user with sysdba privileges:

    select username from dba_users where username like '%IAU%';

    This command lists the IAU schemas available in your configured database.

Note:

For SSL enabled setup, it is mandatory to run the Repository Creation Utility (RCU) to upgrade the existing schemas. For non-SSL enabled setup, running RCU to upgrade schemas is optional.

To upgrade product schemas with the Upgrade Assistant:
  1. On the Welcome screen, review an introduction to the Upgrade Assistant and information about important pre-upgrade tasks. Click Next.

    Note:

    For more information about any Upgrade Assistant screen, click Help on the screen.
  2. On the Selected Schemas screen, select the schema upgrade operation that you want to perform:
    • Individually Selected Schemas if you want to select individual schemas for upgrade and you do not want to upgrade all of the schemas used by the domain.

      Caution:

      Upgrade only those schemas that are used to support your 12c (12.2.1.3.0) components. Do not upgrade schemas that are currently being used to support components that are not included in Oracle Fusion Middleware 12c (12.2.1.3.0).
    • All Schemas Used by a Domain to allow the Upgrade Assistant to discover and select all components that have a schema available to upgrade in the domain specified in the Domain Directory field. This is also known as a domain assisted schema upgrade. Additionally, the Upgrade Assistant pre-populates connection information on the schema input screens.

      Note:

      Oracle recommends that you select All Schemas Used by a Domain for most upgrades to ensure all of the required schemas are included in the upgrade.

    Note:

    If you are upgrading SSL enabled Oracle Identity Manager setup, select Individually Selected Schemas option, and then select Oracle Identity Manager schema only. This automatically selects the dependant schemas. For upgrading SSL enabled setup, you must provide the non-SSL Database connection details on the Schema Credentials screen.

    Click Next.

  3. If you selected Individually Selected Schemas: On the Available Components screen, select the components for which you want to upgrade schemas. When you select a component, the schemas and any dependencies are automatically selected.

    Note:

    For the individual schema option, the domain configuration is not accessed, and therefore password values are carried forward from the previous screen. If you encounter any connection failure, check the cause and fix it.

  4. On the Prerequisites screen, acknowledge that the prerequisites have been met by selecting all the check boxes. Click Next.

    Note:

    The Upgrade Assistant does not verify whether the prerequisites have been met.
  5. On the Schema Credentials screen(s), specify the database connection details for each schema you are upgrading (the screen name changes based on the schema selected):
    • Select the database type from the Database Type drop-down menu.

    • Enter the database connection details, and click Connect.

    • Select the schema you want to upgrade from the Schema User Name drop-down menu, and then enter the password for the schema. Be sure to use the correct schema prefix for the schemas you are upgrading.

      Note:

      The component ID or schema name is changed for UCSUMS schema as of release 12.1.2, which means the Upgrade Assistant does not automatically recognize the possible schemas and display them in a drop-down list. You must manually enter the name in a text field. The name can be either prefix_ORASDPM or prefix_UMS, depending on the starting point for the upgrade.

      11g to 12c Upgrades Only: The UCSUMS schema is not auto-populated. Enter prefix_ORASDPM as the user. The upgrade environment uses _ORASDPM as the schema name, whereas in the 12c environment it is referred to as _UMS.

  6. On the Examine screen, review the status of the Upgrade Assistant as it examines each schema, verifying that the schema is ready for upgrade. If the status is Examine finished, click Next.
    If the examine phase fails, Oracle recommends that you cancel the upgrade by clicking No in the Examination Failure dialog. Click View Log to see what caused the error and refer to Troubleshooting Your Upgrade in Upgrading with the Upgrade Assistant for information on resolving common upgrade errors.

    Note:

    • If you resolve any issues detected during the examine phase without proceeding with the upgrade, you can start the Upgrade Assistant again without restoring from backup. However, if you proceed by clicking Yes in the Examination Failure dialog box, you need to restore your pre-upgrade environment from backup before starting the Upgrade Assistant again.

    • Canceling the examination process has no effect on the schemas or configuration data; the only consequence is that the information the Upgrade Assistant has collected must be collected again in a future upgrade session.

  7. On the Upgrade Summary screen, review the summary of the options you have selected for schema upgrade.
    Verify that the correct Source and Target Versions are listed for each schema you intend to upgrade.
    If you want to save these options to a response file to run the Upgrade Assistant again later in response (or silent) mode, click Save Response File and provide the location and name of the response file. A silent upgrade performs exactly the same function that the Upgrade Assistant performs, but you do not have to manually enter the data again.
    Click Upgrade to start the upgrade process.
  8. On the Upgrade Progress screen, monitor the status of the upgrade.

    Caution:

    Allow the Upgrade Assistant enough time to perform the upgrade. Do not cancel the upgrade operation unless absolutely necessary. Doing so may result in an unstable environment.
    If any schemas are not upgraded successfully, refer to the Upgrade Assistant log files for more information.

    Note:

    The progress bar on this screen displays the progress of the current upgrade procedure. It does not indicate the time remaining for the upgrade.

    Click Next.

  9. If the upgrade is successful: On the Upgrade Success screen, click Close to complete the upgrade and close the wizard.

    If the upgrade fails: On the Upgrade Failure screen, click View Log to view and troubleshoot the errors. The logs are available at ORACLE_HOME/oracle_common/upgrade/logs.

    Note:

    If the upgrade fails, you must restore your pre-upgrade environment from backup, fix the issues, then restart the Upgrade Assistant.

4.9.5 Verifying the Schema Upgrade

After completing all the upgrade steps, verify that the upgrade was successful by checking that the schema version in schema_version_registry has been properly updated.

If you are using an Oracle database, connect to the database as a user having Oracle DBA privileges, and run the following from SQL*Plus to get the current version numbers:

SET LINE 120
COLUMN MRC_NAME FORMAT A14
COLUMN COMP_ID FORMAT A20
COLUMN VERSION FORMAT A12
COLUMN STATUS FORMAT A9
COLUMN UPGRADED FORMAT A8
SELECT MRC_NAME, COMP_ID, OWNER, VERSION, STATUS, UPGRADED FROM SCHEMA_VERSION_REGISTRY ORDER BY MRC_NAME, COMP_ID ;

In the query result:

  • Check that the number in the VERSION column matches the latest version number for that schema. For example, verify that the schema version number is 12.2.1.3.0.

    Note:

    However, that not all schema versions will be updated. Some schemas do not require an upgrade to this release and will retain their pre-upgrade version number.

  • The STATUS field will be either UPGRADING or UPGRADED during the schema patching operation, and will become VALID when the operation is completed.

  • If the status appears as INVALID, the schema update failed. You should examine the logs files to determine the reason for the failure.

  • Synonym objects owned by IAU_APPEND and IAU_VIEWER will appear as INVALID, but that does not indicate a failure.

    They become invalid because the target object changes after the creation of the synonym. The synonyms objects will become valid when they are accessed. You can safely ignore these INVALID objects.

4.10 Tuning Application Module for User Interface

After you upgrade the Oracle Identity Manager middle tier successfully, tune the Application Module (AM) for user interface.

See Tuning Application Module (AM) for User Interface in Oracle Fusion Middleware Tuning Performance.

4.11 About Reconfiguring the Domain

Run the Reconfiguration Wizard to reconfigure your domain component configurations to 12c (12.2.1.3.0).

When you reconfigure a WebLogic Server domain, the following items are automatically updated, depending on the applications in the domain:

  • WebLogic Server core infrastructure

  • Domain version

Note:

Before you begin the domain reconfiguration, note the following limitations:

  • The Reconfiguration Wizard does not update any of your own applications that are included in the domain.

  • Transforming a non-dynamic cluster domain to a dynamic cluster domain during the upgrade process is not supported.

    The dynamic cluster feature is available when running the Reconfiguration Wizard, but Oracle only supports upgrading a non-dynamic cluster upgrade and then adding dynamic clusters. You cannot add dynamic cluster during the upgrade process.

Specifically, when you reconfigure a domain, the following occurs:
  • The domain version number in the config.xml file for the domain is updated to the Administration Server's installed WebLogic Server version.

  • Reconfiguration templates for all installed Oracle products are automatically selected and applied to the domain. These templates define any reconfiguration tasks that are required to make the WebLogic domain compatible with the current WebLogic Server version.

  • Start scripts are updated.

    If you want to preserve your modified start scripts, be sure to back them up before starting the Reconfiguration Wizard.

Note:

When the domain reconfiguration process starts, you can’t undo the changes that it makes. Before running the Reconfiguration Wizard, ensure that you have backed up the domain as covered in the pre-upgrade checklist. If an error or other interruption occurs while running the Reconfiguration Wizard, you must restore the domain by copying the files and directories from the backup location to the original domain directory. This is the only way to ensure that the domain has been returned to its original state before reconfiguration.
Follow these instructions to reconfigure the existing domain using the Reconfiguration Wizard. See Reconfiguring WebLogic Domains in Upgrading Oracle WebLogic Server.

Topics:

4.11.1 Backing Up the Domain

Before running the Reconfiguration Wizard, create a backup copy of the domain directory.

To create a backup of the domain directory:

  1. Copy the source domain to a separate location to preserve the contents.
    (Windows) copy C:\domains\mydomain to C:\domains\mydomain_backup.
    (UNIX) cp mydomain /domains/mydomain_backup
  2. Before updating the domain on each remote Managed Server, create a backup copy of the domain directory on each remote machine.
  3. Verify that the backed up versions of the domain are complete.
If domain reconfiguration fails for any reason, you must copy all files and directories from the backup directory into the original domain directory to ensure that the domain is returned entirely to its original state before reconfiguration.

4.11.2 Starting the Reconfiguration Wizard

Note:

Shut down the administration server and all collocated managed servers before starting the reconfiguration process. See Stopping Servers and Processes.

To start the Reconfiguration Wizard in graphical mode:

  1. Sign in to the system on which the domain resides.
  2. Open the command shell (on UNIX operating systems) or open a command prompt window (on Windows operating systems).
  3. Edition Based Database Users Only: If your schemas are configured with EBR database, a default edition name must be manually supplied before you run the Reconfiguration Wizard.
    Run the following SQL command to set the default edition:

    ALTER DATABASE DEFAULT EDITION = edition_name;

    where edition_name is the child edition name.

  4. Set the environment variable WLS_ALTERNATIVE_TYPES_DIR using the following command:
    • (Non-Bash): setenv WLS_ALTERNATIVE_TYPES_DIR 12c_MW_HOME/idm/server/loginmodule/wls

    • (Bash):export WLS_ALTERNATIVE_TYPES_DIR=12c_MW_Home/idm/server/loginmodule/wls

  5. Go to the oracle_common/common/bin directory:
    • (UNIX) NEW_ORACLE_HOME/oracle_common/common/bin
    • (Windows) NEW_ORACLE_HOME\oracle_common\commom\bin
  6. Start the Reconfiguration Wizard with the following logging options:
    • (UNIX) ./reconfig.sh -log=log_file -log_priority=ALL
    • (Windows) reconfig.cmd -log=log_file -log_priority=ALL

    where log_file is the absolute path of the log file you'd like to create for the domain reconfiguration session. This can be helpful if you need to troubleshoot the reconfiguration process.

    The parameter -log_priority=ALL ensures that logs are logged in fine mode.

    Note:

    When you run this command, the following error message might appear to indicate that the default cache directory is not valid:

    *sys-package-mgr*: can't create package cache dir
    

    You can change the cache directory by setting the environment variable CONFIG_JVM_ARGS. For example:

    CONFIG_JVM_ARGS=-Dpython.cachedir=valid_directory

    Note:

    In this section, NEW_ORACLE_HOME refers to the 12c Oracle Home.

4.11.3 Reconfiguring the Oracle Identity Manager Domain

Navigate through the screens in the Reconfiguration Wizard to reconfigure your existing domain.

Note:

If the source is a clustered environment, run the Reconfiguration Wizard on the primary node only. Use the pack/unpack utility to apply the changes to other cluster members in the domain.
To reconfigure the domain with the Reconfiguration Wizard:
  1. On the Select Domain screen, specify the location of the domain you want to upgrade or click Browse to navigate and select the domain directory. Click Next.
  2. On the Reconfiguration Setup Progress screen, view the progress of the setup process. When complete, click Next.
    During this process:
    • The reconfiguration templates for your installed products, including Fusion Middleware products, are automatically applied. This updates various domain configuration files such as config.xmlconfig-groups.xml, and security.xml (among others).

    • Schemas, scripts, and other such files that support your Fusion Middleware products are updated.

    • The domain upgrade is validated.

  3. On the Domain Mode and JDK screen, select the JDK to use in the domain or click Browse to navigate to the JDK you want to use. The supported JDK version for 12c (12.2.1.3.0) is 1.8.0_131 and later. Click Next.

    Note:

    You cannot change the Domain Mode at this stage.
    For a list of JDKs that are supported for a specific platform, see Oracle Fusion Middleware Supported System Configurations.
  4. On the Database Configuration Type screen, select RCU Data to connect to the Server Table (_STB) schema.
    Enter the database connection details using the RCU service table (_STB) schema credentials and click Get RCU Configuration.
    The Reconfiguration Wizard uses this connection to automatically configure the data sources required for components in your domain.

    Note:

    By default Oracle’s Driver (Thin) for Service connections; Versions: Any is the selected driver. If you specified an instance name in your connection details — instead of the service name — you must select Oracle’s Driver (Thin) for pooled instance connections; Versions: Any If you do not change the driver type, then the connection will fail.

    Note:

    For any existing 11g datasource, the reconfiguration will preserve the existing values. For new datasources where the schema was created for 12c by the RCU, the default connection data will be retrieved from the _STB schema. If no connection data for a given schema is found in the _STB schema, then the default connection data is used.
    If the check is successful, click Next. If the check fails, reenter the connection details correctly and try again.

    Note:

    If you are upgrading from 11g, and your database has _OPSS or _IAU 11g database schemas, you must manually enter database connection details for those schemas. These schemas were not required in 11g and had to be created manually. Users could assign any name to these schemas, therefore the Reconfiguration Wizard does not recognize them. When providing connection information for _IAU, use the IAU_APPEND user information.
  5. On the JDBC Component Schema screen, verify that the DBMS/Service and the Host name is correct for each component schema and click Next.

    Note:

    For all of the schemas except for OPSS, the host, port, and service details will be auto-populated. You must enter the OPSS schema credentials manually.

  6. On the JDBC Component Schema Test screen, the component schema connections are testes. The result of the test is indicated in the Status column.
    When the check is complete, click Next.
  7. On the Node Manager screen, go for the default option or select Create New Configuration for configuring Node Manager per your requirement. In both the cases, specify the WebLogic Administration user credentials for Node Manager details.
  8. On the Advanced Configuration screen, you can select all categories for which you want to perform advanced configuration. For each category you select, the appropriate configuration screen is displayed to allow you to perform advanced configuration.

    Note:

    The categories that are listed on the Advanced Configuration screen depend on the resources defined in the templates you selected for the domain.
    For this upgrade, select none of the options and click Next.
  9. On the Configuration Summary screen, review the detailed configuration settings of the domain before continuing.
    You can limit the items that are displayed in the right-most panel by selecting a filter option from the View drop-down list.
    To change the configuration, click Back to return to the appropriate screen. To reconfigure the domain, click Reconfig.

    Note:

    The location of the domain does not change when you reconfigure it.
  10. The Reconfiguration Progress screen displays the progress of the reconfiguration process.
    During this process:
    • Domain information is extracted, saved, and updated.

    • Schemas, scripts, and other such files that support your Fusion Middleware products are updated.

    When the progress bar shows 100%, click Next.
  11. The End of Configuration screen indicates whether the reconfiguration process completed successfully or failed. It also displays the location of the domain that was reconfigured as well as the Administration Server URL (including the listen port). If the reconfiguration is successful, it displays Oracle WebLogic Server Reconfiguration Succeeded.
    If the reconfiguration process did not complete successfully, an error message is displayed indicates the reason. Take appropriate action to resolve the issue. If you cannot resolve the issue, contact My Oracle Support.
    Note the Domain Location and the Admin Server URL for further operations.

4.12 Upgrading Domain Component Configurations

After reconfiguring the domain, use the Upgrade Assistant to upgrade the domain component configurations inside the domain to match the updated domain configuration.

Topics:

4.12.1 Starting the Upgrade Assistant

Run the Upgrade Assistant to upgrade product schemas, domain component configurations, or standalone system components to 12c (12.2.1.3.0). Oracle recommends that you run the Upgrade Assistant as a non-SYSDBA user, completing the upgrade for one domain at a time.

To start the Upgrade Assistant:

Note:

Before you start the Upgrade Assistant, make sure that the JVM character encoding is set to UTF-8 for the platform on which the Upgrade Assistant is running. If the character encoding is not set to UTF-8, then you will not be able to download files containing Unicode characters in their names. This can cause the upgrade to fail.

To ensure that UTF-8 is used by the JVM, use the JVM option -Dfile.encoding=UTF-8.

  1. Go to the oracle_common/upgrade/bin directory:
    • (UNIX) NEW_ORACLE_HOME/oracle_common/upgrade/bin
    • (Windows) NEW_ORACLE_HOME\oracle_common\upgrade\bin
  2. Start the Upgrade Assistant:
    • (UNIX) ./ua
    • (Windows) ua.bat

Note:

In the above command, NEW_ORACLE_HOME refers to the 12c Oracle Home.

For information about other parameters that you can specify on the command line, such as logging parameters, see:

Topics:

4.12.1.1 Upgrade Assistant Parameters

When you start the Upgrade Assistant from the command line, you can specify additional parameters.

Table 4-7 Upgrade Assistant Command-Line Parameters

Parameter Required or Optional Description

-readiness

Required for readiness checks

Note: Readiness checks cannot be performed on standalone installations (those not managed by the WebLogic Server).

Performs the upgrade readiness check without performing an actual upgrade.

Schemas and configurations are checked.

Do not use this parameter if you have specified the -examine parameter.

-threads

Optional

Identifies the number of threads available for concurrent schema upgrades or readiness checks of the schemas.

The value must be a positive integer in the range 1 to 8. The default is 4.

-response

Required for silent upgrades or silent readiness checks

Runs the Upgrade Assistant using inputs saved to a response file generated from the data that is entered when the Upgrade Assistant is run in GUI mode. Using this parameter runs the Upgrade Assistant in silent mode (without displaying Upgrade Assistant screens).

-examine

Optional

Performs the examine phase but does not perform an actual upgrade.

Do not specify this parameter if you have specified the -readiness parameter.

-logLevel attribute

Optional

Sets the logging level, specifying one of the following attributes:

  • TRACE

  • NOTIFICATION

  • WARNING

  • ERROR

  • INCIDENT_ERROR

The default logging level is NOTIFICATION.

Consider setting the -logLevel TRACE attribute to so that more information is logged. This is useful when troubleshooting a failed upgrade. The Upgrade Assistant's log files can become very large if -logLevel TRACE is used.

-logDir location

Optional

Sets the default location of upgrade log files and temporary files. You must specify an existing, writable directory where the Upgrade Assistant creates log files and temporary files.

The default locations are:

(UNIX)

NEW_ORACLE_HOME/oracle_common/upgrade/logs
NEW_ORACLE_HOME/oracle_common/upgrade/temp

(Windows)

NEW_ORACLE_HOME\oracle_common\upgrade\logs
NEW_ORACLE_HOME\oracle_common\upgrade\temp

-help

Optional

Displays all of the command-line options.

4.12.2 Upgrading Oracle Identity Manager Domain Component Configurations

Navigate through the screens in the Upgrade Assistant to upgrade component configurations in the WebLogic domain.

After running the Reconfiguration Wizard to reconfigure the WebLogic domain to 12c (12.2.1.3.0), you must run the Upgrade Assistant to upgrade the domain component configurations to match the updated domain configuration.

To upgrade domain component configurations with the Upgrade Assistant:
  1. On the Welcome screen, review an introduction to the Upgrade Assistant and information about important pre-upgrade tasks. Click Next.

    Note:

    For more information about any Upgrade Assistant screen, click Help on the screen.
  2. On the next screen:
    • Select All Configurations Used By a Domain. The screen name changes to WebLogic Components.

    • In the Domain Directory field, enter the WebLogic domain directory path.

    Click Next.

  3. If your pre-upgrade environment has multiple WebLogic domains, but the Oracle Web Services Manager (OWSM) Policy Manager is in only one domain, and OWSM agents are in the other domains: On the OWSM Policy Manager screen, provide the credentials for the WebLogic Administration Server domain where the Oracle Web Services Manager (OWSM) Policy Manager is deployed.
  4. On the Component List screen, verify that the list includes all the components for which you want to upgrade configurations and click Next.
    If you do not see the components you want to upgrade, click Back to go to the previous screen and specify a different domain.
  5. On the Prerequisites screen, acknowledge that the prerequisites have been met by selecting all the check boxes. Click Next.

    Note:

    The Upgrade Assistant does not verify whether the prerequisites have been met.
  6.  If there are remote managed servers hosting User Messaging Services (UMS) configuration files: On the UMS Configuration screen, provide the credentials to these servers so that the Upgrade Assistant can access the configuration files.

    Note:

    You may need to manually copy the UMS configuration files if the Upgrade Assistant is unable to locate them. See Error while Copying User Messaging Service (UMS) Configuration Files.
  7. On the Old(i.e 11g) OIM Home Location screen, select 11g Source, and specify the absolute path to the 11.1.2.3.0 OIM Oracle Home.
    Click Next.
  8. On the Examine screen, review the status of the Upgrade Assistant as it examines each component, verifying that the component configuration is ready for upgrade. If the status is Examine finished, click Next.
    If the examine phase fails, Oracle recommends that you cancel the upgrade by clicking No in the Examination Failure dialog. Click View Log to see what caused the error and refer to Troubleshooting Your Upgrade in Upgrading with the Upgrade Assistant for information on resolving common upgrade errors.

    Note:

    • If you resolve any issues detected during the examine phase without proceeding with the upgrade, you can start the Upgrade Assistant again without restoring from backup. However, if you proceed by clicking Yes in the Examination Failure dialog box, you need to restore your pre-upgrade environment from backup before starting the Upgrade Assistant again.

    • Canceling the examination process has no effect on the configuration data; the only consequence is that the information the Upgrade Assistant has collected must be collected again in a future upgrade session.

  9. On the Upgrade Summary screen, review the summary of the options you have selected for component configuration upgrade.
    The response file collects and stores all the information that you have entered, and enables you to perform a silent upgrade at a later time. The silent upgrade performs exactly the same function that the Upgrade Assistant performs, but you do not have to manually enter the data again. If you want to save these options to a response file, click Save Response File and provide the location and name of the response file.
    Click Upgrade to start the upgrade process.
  10. On the Upgrade Progress screen, monitor the status of the upgrade.

    Caution:

    Allow the Upgrade Assistant enough time to perform the upgrade. Do not cancel the upgrade operation unless absolutely necessary. Doing so may result in an unstable environment.
    If any components are not upgraded successfully, refer to the Upgrade Assistant log files for more information.

    Note:

    The progress bar on this screen displays the progress of the current upgrade procedure. It does not indicate the time remaining for the upgrade.

    Click Next.

  11. If the upgrade is successful: On the Upgrade Success screen, click Close to complete the upgrade and close the wizard. The Post-Upgrade Actions window describes the manual tasks you must perform to make components functional in the new installation. This window appears only if a component has post-upgrade steps.
    If the upgrade fails: On the Upgrade Failure screen, click View Log to view and troubleshoot the errors. The logs are available at NEW_ORACLE_HOME/oracle_common/upgrade/logs.

    Note:

    If the upgrade fails you must restore your pre-upgrade environment from backup, fix the issues, then restart the Upgrade Assistant.

4.12.3 Verifying the Domain-Specific-Component Configurations Upgrade

To verify that the domain-specific-component configurations upgrade was successful, sign in to the Administration console and the Oracle Enterprise Manager Fusion Middleware Control and verify that the version numbers for each component is 12.2.1.3.0.

To sign in to the Administration Console, go to: http://administration_server_host:administration_server_port/console

To sign in to Oracle Enterprise Manager Fusion Middleware Control Console, go to: http://administration_server_host:administration_server_port/em

Note:

After upgrade, make sure you run the administration tools from the new 12c Oracle home directory and not from the previous Oracle home directory.

During the upgrade process, some OWSM documents, including policy sets and predefined documents such as policies and assertion templates, may need to be upgraded. If a policy set or a predefined document is upgraded, its version number is incremented by 1.

4.13 Starting the Servers

After you upgrade Oracle Identity Manager, start the servers.

You must start the servers in the following order:
  1. Start the Administration Server.
  2. Start the Oracle SOA Suite Managed Server with the Administration Server URL, and the BPM property set to TRUE. For example:
    ./startManagedWebLogic.sh soa_server1 t3://weblogic_admin_host:weblogic_admin_port —Dbpm.enabled=true
  3. Once the SOA server is in running state, start the Oracle Identity Manager Managed Server with the Administration Server URL.
    This time, OIM bootstrap process will be executed, and after successful bootstrap, OIM Managed Server will be shut down automatically.
  4. Shut down the SOA Managed Server and the Administration Server.
  5. Start the Node Manager.
  6. Start the Administration Server.
  7. Start the Oracle SOA Suite Managed Server (without BPM property) and Oracle Identity Manager Managed Servers.

For more information about starting the servers and processes, see Starting Servers and Processes.

For more information about stopping the servers and processes, see Stopping Servers and Processes.

Topics:

4.13.1 Starting Servers and Processes

After a successful upgrade, start all processes and servers, including the Administration Server and any Managed Servers.

The components may be dependent on each other so they must be started in the correct order.

Note:

The procedures in this section describe how to start servers and process using the WLST command line or a script. You can also use the Oracle Fusion Middleware Control and the Oracle WebLogic Server Administration Console. See Starting and Stopping Administration and Managed Servers and Node Manager in Administering Oracle Fusion Middleware.

To start your Fusion Middleware environment, follow the steps below.

Step 1: Start the Administration Server

When you start the Administration Server, you also start the processes running in the Administration Server, including the WebLogic Server Administration Console and Fusion Middleware Control.

To start the Administration Server, use the startWebLogic script:

  • (UNIX) EXISTING_DOMAIN_HOME/bin/startWebLogic.sh

  • (Windows) EXISTING_DOMAIN_HOME\bin\startWebLogic.cmd

When prompted, enter your user name, password, and the URL of the Administration Server.

Step 2: Start Node Manager

To start Node Manager, use the startNodeManager script:

  • (UNIX) EXISTING_DOMAIN_HOME/bin/startNodeManager.sh

  • (Windows) EXISTING_DOMAIN_HOME\bin\startNodeManager.cmd

Step 4: Start the Managed Servers

To start a WebLogic Server Managed Server, use the startManagedWebLogic script:

  • (UNIX) EXISTING_DOMAIN_HOME/bin/startManagedWebLogic.sh managed_server_name admin_url

  • (Windows) EXISTING_DOMAIN_HOME\bin\startManagedWebLogic.cmd managed_server_name admin_url

When prompted, enter your user name and password.

Note:

The startup of a Managed Server will typically start the applications that are deployed to it. Therefore, it should not be necessary to manually start applications after the Managed Server startup.

Step 5: Start System Components

To start system components, such as Oracle HTTP Server, use the startComponent script:

  • (UNIX) OHS_INSTANCE_HOME/bin opmnctl startall

  • (Windows) OHS_INSTANCE_HOME\bin opmnctl startall

You can start system components in any order.

4.14 Upgrading Oracle Identity Manager Design Console

Upgrade the Oracle Identity Manager Design Console after you upgrade the Oracle Identity Manager (OIM) domain component configurations.

To upgrade the Oracle Identity Manager Design Console, complete the following steps:
  1. Replace the 11.1.2.3.0 designconsole/config/xlconfig.xml with the 12c (12.2.1.3.0) designconsole/config/xlconfig.xml file.
  2. If the host name and the port of the OIM Managed Server has changed, update the URL in the Design Console’s start window accordingly.

4.15 Completing the Post-Upgrade Tasks for SSL Enabled Setup

If you are upgrading Oracle Identity Manager SSL enabled sertup, you must perform the required post-upgrade tasks to complete the upgrade process.

Complete the following tasks if you have upgraded an SSL enabled setup:
  1. Changes done for SSL settings in setDomainEnv.sh, startWeblogic.sh, startManagedWeblogic.sh, and datasources are lost after upgrade. Re-do all of the changes.
  2. Start the WebLogic Administration Server. To start the Administration Server, use the startWebLogic script:
    • (UNIX) EXISTING_DOMAIN_HOME/bin/startWebLogic.sh

    • (Windows) EXISTING_DOMAIN_HOME\bin\startWebLogic.cmd

    When prompted, enter your user name, password, and the URL of the Administration Server.

  3. Make necessary changes to the following newly created datasources, for SSL settings:
    • LocalSvcTblDataSource
    • opss-audit-DBDS
    • opss-audit-viewDS
    • opss-data-source
    • WLSSchemaDataSource
  4. In case of Customer Identity and Java Standard Trust, import your identity trust certificate to the new JDK home. The 12c (12.2.1.3.0) uses jdk1.8.0_131. To import the identity trust certificate to the new JDK home, use the following command:
    ./keytool -importcert -alias startssl -keystore JAVA_HOME/jre/lib/security/cacerts -storepass changeit -file supportcert.pem
  5. Verify that all of the SSL configuration changes including the SSL port related changes done in 11g (pre upgrade), are present post upgrade. If the changes are lost, you must redo them post upgrade. Some of the SSL configuration changes include:
    • OimFrontEndURL

    • backOfficeURL

    • SOA Server URL

    • ForeignJNDIProvider-SOA

    For more information about configuring SSL for Oracle Identity Goverenance, see Updating Oracle Identity Governance in Administering Oracle Identity Governance.

4.16 Installing Standalone Oracle BI Publisher

When you upgrade Oracle Identity Manager 11.1.2.3.0 to Oracle Identity Governance 12c (12.2.1.3.0), the embedded Oracle BI Publisher present in the 11.1.2.3.0 deployment, is removed. Therefore, you must install a new standalone Oracle BI Publisher 12c (12.2.1.3.0) post upgrade, for configuring the Oracle Identity Governance reports.

For information about installing and configuring Oracle BI Publisher 12c (12.2.1.3.0), see Installing and Configuring Oracle BI Publisher in Developing and Customizing Applications for Oracle Identity Governance.

For information about integrating standalone Oracle BI Publisher with Oracle Identity Governance 12c (12.2.1.3.0), see Integrating Standalone BI Publisher with Oracle Identity Governance in Developing and Customizing Applications for Oracle Identity Governance.