Sunday, February 24, 2019

Neither able to connect to Primary Domain Controller nor to any of Back up Domain Controllers.

OIM to AD Provisioning Issue.

Error:

<Feb 25, 2019 3:11:37,441 AM GMT> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER> <BEA-000000> <oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user
org.identityconnectors.framework.common.exceptions.ConnectorException: Neither able to connect to Primary Domain Controller nor to any of Back up Domain Controllers.
        at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$13.createException(CommonObjectHandlers.java:265)
        at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$13.createException(CommonObjectHandlers.java:262)
        at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$ThrowableHandler.deserialize(CommonObjectHandlers.java:115)
        at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)
        at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313)
        at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObjectField(BinaryObjectDecoder.java:417)
        at org.identityconnectors.framework.impl.serializer.MessageHandlers$5.deserialize(MessageHandlers.java:156)
        at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)
        at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313)
        at org.identityconnectors.framework.impl.api.remote.RemoteFrameworkConnection.readObject(RemoteFrameworkConnection.java:153)
        at org.identityconnectors.framework.impl.api.remote.RemoteOperationInvocationHandler.invoke(RemoteOperationInvocationHandler.java:101)

Solution:

  1. Log in to the sysadmin console.
  2. Click on IT Resource.
  3. Search for the AD IT Resource.
  4. Copy the AD machine name: go to Control Panel\All Control Panel Items\System and copy the Computer Name.
  5. Update the name in LDAPHostName.
  6. To test, retry the failed create user event or provision a new user.
-Arihant

Saturday, February 23, 2019

Error libawt_xawt.so: libXtst.so.6

ERROR:

Preparing to launch the Oracle Universal Installer from /tmp/OraInstall2019-02-24_07-35-48AM
Exception in thread "main" java.lang.UnsatisfiedLinkError: /app/binaries/jdk1.8.0_131/jre/lib/amd64/libawt_xawt.so: libXtst.so.6: cannot open shared object file: No such file or directory
        at java.lang.ClassLoader$NativeLibrary.load(Native Method)
        at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1941)
        at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1824)
        at java.lang.Runtime.load0(Runtime.java:809)
        at java.lang.System.load(System.java:1086)
        at java.lang.ClassLoader$NativeLibrary.load(Native Method)
        at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1941)
        at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1845)
        at java.lang.Runtime.loadLibrary0(Runtime.java:870)
        at java.lang.System.loadLibrary(System.java:1122)
        at java.awt.Toolkit$3.run(Toolkit.java:1636)
        at java.awt.Toolkit$3.run(Toolkit.java:1634)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.awt.Toolkit.loadLibraries(Toolkit.java:1633)
        at java.awt.Toolkit.<clinit>(Toolkit.java:1668)
        at java.awt.Component.<clinit>(Component.java:593)
        at oracle.sysman.oio.oioc.OiocOneClickInstaller.main(OiocOneClickInstaller.java:643)

Solution:
  1. Log in as root.
  2. Run the yum install libXext* command. It will install the required packages.
  3. Re-run the setup.
-Arihant

./wrapper-linux-x86-32: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory

Install the RPM below to resolve this issue.

yum install glibc.i686

How To Enable TRACE Logging For OAM 11g Server and 10g or 11g WebGate?

Setting OAM 11g Logger Levels


The following steps assume the name of the OAM Managed Server is 'oam_server1'; replace it accordingly.

1. Navigate to the OAM $ORACLE_HOME and execute the wlst.sh script in $ORACLE_HOME/common/bin

Example path: /home/Middleware/Oracle_IDM1/common/bin

$ORACLE_HOME/common/bin/./wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

2. Connect to the WebLogic Admin Server as the WebLogic Administrator

wls:/offline> connect()
Please enter your username :weblogic
Please enter your password :
Please enter your server URL [t3://localhost:7001] :
Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'base_domain'.

3. Set the logger level of the OAM Managed Server (e.g. oam_server1) to TRACE:32 with persist="0".

wls:/base_domain/serverConfig> domainRuntime()
wls:/base_domain/domainRuntime> setLogLevel(logger="oracle.oam", target="oam_server1", level="TRACE:32", persist="0")

Note: Use persist="1" to make the log level persist across OAM Managed Server restarts.

4. Verify the logger level was set by listing the current value and checking that the OAM Managed Server log contains "TRACE:32".

wls:/base_domain/domainRuntime> listLoggers(pattern="oracle.oam", target="oam_server1")
-----------+-----------------
Logger | Level
-----------+-----------------
oracle.oam | TRACE:32

grep -m 1 -o 'TRACE:32' $DOMAIN_HOME/servers/oam_server1/logs/oam_server1-diagnostic.log

Expected Output:
TRACE:32

5. To return the OAM Managed Server to the default logger level, use the following setLogLevel command or restart the Managed Server.

wls:/base_domain/domainRuntime> setLogLevel(logger="oracle.oam", target="oam_server1", level="NOTIFICATION:1", persist="0")

Setting 11g WebGate Logger Levels

Configuring Different Threshold Levels for Different Types of Data

1. Backup the following file: $MW_HOME/$ORACLE_WEBTIER/instances/<instance>/config/OHS/<ohs_instance>/webgate/config/oblog_config_wg.xml

Example path: /refresh/home/Middleware/Oracle_WT1/instances/instance1/config/OHS/ohs1/webgate/config/oblog_config_wg.xml

2. In the original oblog_config_wg.xml change Value from "LOGLEVEL_WARNING" to "LOGLEVEL_TRACE".

<NameValPair
        ParamName="LOG_THRESHOLD_LEVEL"
        Value="LOGLEVEL_TRACE">
</NameValPair>

In the same file change the BUFFER_SIZE Value to "4" so that WebGate log entries are flushed to file promptly.

<NameValPair
        ParamName="BUFFER_SIZE"
        Value="4">
</NameValPair>

Note: Do not modify any other LOGLEVEL settings in oblog_config_wg.xml.

3. The log level change may take a couple of minutes to be reflected in the logs; restarting the web server is not necessary.

4. To disable the WebGate TRACE logging, simply replace the original oblog_config_wg.xml file with the backup taken in Step 1.

Setting 10g WebGate Logger Levels

1. Backup the following file: $WEBGATE_HOME/access/oblix/config/oblog_config_wg.xml

Example path: /refresh/home/OAM10wg/access/oblix/config

2. In the original oblog_config_wg.xml change Value from "LOGLEVEL_WARNING" to "LOGLEVEL_TRACE".

<NameValPair
        ParamName="LOG_THRESHOLD_LEVEL"
        Value="LOGLEVEL_TRACE">
</NameValPair>

In the same file change the BUFFER_SIZE Value to "4" so that WebGate log entries are flushed to file promptly.

<NameValPair
        ParamName="BUFFER_SIZE"
        Value="4">
</NameValPair>

Note: Do not modify any other LOGLEVEL settings in oblog_config_wg.xml.

3. The log level change may take a couple of minutes to be reflected in the logs; restarting the web server is not necessary.

4. To disable the WebGate TRACE logging, simply replace the original oblog_config_wg.xml file with the backup taken in Step 1.

Regards,
Arihant

How to enable Auditing in OAM PS3?


High-Level Steps:

1) Run RCU and create an IAU schema for auditing
2) Enable the "Filter Enabled" option in the OAM common settings
3) Create an IAU data source in the OAM WebLogic console
4) Enable auditing from the EM console by attaching the IAU data source
5) Update the jps-config.xml file to use DB as the audit store
6) Restart the Admin and OAM servers
7) Connect to the IAU schema and check the data in the IAU_Base table

Audit service instance in jps-config.xml (step 5):

        <serviceInstance name="audit" provider="audit.provider" location="./audit-store.xml">
            <description>Audit Service</description>
            <property name="audit.filterPreset" value=""/>
            <property name="audit.maxDirSize" value="0"/>
            <property name="audit.maxFileSize" value="104857600"/>
            <property name="audit.timezone" value="utc"/>
            <property name="audit.loader.jndi" value="jdbc/AuditDB"/>
            <property name="audit.loader.interval" value="15"/>
            <property name="audit.loader.repositoryType" value="DB"/>
            <property name="auditstore.type" value="DB"/>
        </serviceInstance>

/app/oracle/middleware/user_projects/domains/base_domain/servers/oam_server1/logs/auditlogs/OAM/audit.log




How to save the password for 12 OHS start services?

Steps for setting up the password.

To avoid entering the password each time you start OHS, you can save it in an encrypted file with the storeUserConfig parameter:

Run the command below. It prompts for the password once and generates the nm-cfg-ohs_domain.props and nm-key-ohs_domain.props files.

./startComponent.sh ohs1 storeUserConfig


[oracle@oracle ~]$ cd /app/oracle/middleware/user_projects/domains/ohs_domain/bin/
[oracle@oracle bin]$ ll
total 28
-rwxr-x---. 1 oracle oracle  994 Aug  2 14:56 setNMJavaHome.sh
-rwxr-x---. 1 oracle oracle 2285 Aug  2 14:56 startComponent.sh
-rwxr-x---. 1 oracle oracle 1129 Aug  2 14:56 startNodeManager.sh
-rwxr-x---. 1 oracle oracle  711 Aug  2 14:56 startRSDaemon.sh
-rwxr-x---. 1 oracle oracle 1949 Aug  2 14:56 stopComponent.sh
-rwxr-x---. 1 oracle oracle 1073 Aug  2 14:56 stopNodeManager.sh
-rwxr-x---. 1 oracle oracle  853 Aug  2 14:56 stopRSDaemon.sh
[oracle@oracle bin]$ ./startComponent.sh ohs1 storeUserConfig
Starting system Component ohs1 ...

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Reading domain from /app/oracle/middleware/user_projects/domains/ohs_domain


Please enter Node Manager password:
Creating the key file can reduce the security of your system if it is not kept in a secured location after it is created. Creating new key...
The username and password that were used for this WebLogic NodeManager connection are stored in /home/oracle/.wlst/nm-cfg-ohs_domain.props and /home/oracle/.wlst/nm-key-ohs_domain.props.
Connecting to Node Manager ...
Successfully Connected to Node Manager.
Starting server ohs1 ...
Successfully started server ohs1 ...
Successfully disconnected from Node Manager.


Exiting WebLogic Scripting Tool.

Done
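
The storeUserConfig output above warns that the key file must be kept in a secured location. The following check is an added example, not part of the original post or of Oracle's tooling: it flags stored Node Manager credential files, or the directory holding them, that are accessible to group or other. The function names and the owner-only expectation are assumptions of this example; the file-name patterns follow the output above.

```shell
#!/bin/sh
# Added example (not Oracle tooling): audit the files that
# `startComponent.sh <component> storeUserConfig` leaves behind.
# Assumptions: files follow the nm-cfg-*.props / nm-key-*.props naming shown in
# the output above, and owner-only access (rw-------) is the expected mode.

# Print the nine permission characters of a path, e.g. "rw-r--r--".
perm_string() {
    ls -ld -- "$1" 2>/dev/null | cut -c2-10
}

# audit_nm_userconfig DIR
#   stdout: one "FINDING ..." line per problem
#   return: 0 = clean, 1 = findings, 2 = no stored credentials found in DIR
audit_nm_userconfig() {
    dir=$1
    findings=0
    seen=0

    for f in "$dir"/nm-cfg-*.props "$dir"/nm-key-*.props; do
        [ -f "$f" ] || continue            # an unmatched glob stays literal
        seen=$((seen + 1))
        mode=$(perm_string "$f")
        case $mode in
            ???------) ;;                  # no group/other bits set
            *) echo "FINDING file $f mode $mode, expected rw-------"
               findings=$((findings + 1)) ;;
        esac
    done
    [ "$seen" -gt 0 ] || return 2

    # The key file unlocks the config file, so the directory holding both
    # must not be readable or writable by other accounts either.
    mode=$(perm_string "$dir")
    case $mode in
        ???------) ;;
        *) echo "FINDING dir $dir mode $mode, expected rwx------"
           findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
}

# Usage (hypothetical script name): sh audit_nm_userconfig.sh "$HOME/.wlst"
if [ $# -ge 1 ]; then
    audit_nm_userconfig "$1"
fi
```
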


Arihant Baid

Steps to check OHS version

Go to the location below

/u01/Middleware_WT/Oracle_WT1/ohs/bin

Export the path below

export LD_LIBRARY_PATH=/u01/Middleware_WT/Oracle_WT1/lib

Now run the command below

[oracle@arihant bin]$ ./httpd -version
Server version: Oracle-HTTP-Server/2.2.22 (Unix)
Server built:   Aug 20 2015 15:15:27
Server label:   APACHE_11.1.1.7.0_LINUX.X64_RELEASE


Regards,
Arihant

Nexaweb Error Message while accessing OIM Import or export (Deployment Manager)

Error:

Nexaweb Error Message:
You don't have JAVA enabled or installed, click here for more info.


Solution:

The latest versions of Chrome, Firefox and IE don't support Java TM.

Firefox 45.0.2
http://filehippo.com/download_firefox/67317/

Download the old version of Firefox, restart, and validate that the add-ons include Java.


Try to access OIM import and export.


Regards,
Arihant

How to enable TRACE logging for both Oracle Access Manager (OAM) 11g Server and 10g or 11g WebGate?


1. To enable TRACE logging for 10g WebGate:
 
Reference: How To Turn On Trace/Logging Oracle Access Manager (OAM)/COREid (Doc ID 403118.1)

First backup file <OAM component install dir>/oblix/config/oblog_config_wg.xml.

Then in the original oblog_config_wg.xml set:

        <SimpleList>
            <NameValPair
                ParamName="LOG_THRESHOLD_LEVEL"
                Value="LOGLEVEL_TRACE"></NameValPair>
        </SimpleList>

NOTE: Do not modify any other LOGLEVEL settings in that file.

Also change the BUFFER_SIZE in the oblog config file, so that log entries are flushed to file promptly.

                <NameValPair
                    ParamName="BUFFER_SIZE"
                    Value="4"></NameValPair>

WebGate webserver restart is not necessary.

To disable the TRACE logging simply replace the original oblog_config_wg.xml file.

2. To enable TRACE logging for 11g WebGate:

First backup file ORACLE_INSTANCE/config/OHS/OHS_INSTANCE_NAME/webgate/config/oblog_config_wg.xml

Then in the original oblog_config_wg.xml set:

        <SimpleList>
            <NameValPair
                ParamName="LOG_THRESHOLD_LEVEL"
                Value="LOGLEVEL_TRACE"></NameValPair>
        </SimpleList>

NOTE: Do not modify any other LOGLEVEL settings in that file.

Also change the BUFFER_SIZE in the oblog config file, so that log entries are flushed to file promptly.

                <NameValPair
                    ParamName="BUFFER_SIZE"
                    Value="4"></NameValPair>

WebGate webserver restart is not necessary.

To disable the TRACE logging simply replace the original oblog_config_wg.xml file.

3. To enable OAM 11g Server TRACE logging:

On the OAM Server run:

cd OAM_ORACLE_HOME/common/bin

./wlst.sh
wls:/offline> connect()   # connect to the AdminServer port with weblogic credentials
wls> domainRuntime()
wls> setLogLevel(target='oam_server1',logger='oracle.oam',level='TRACE:32',persist="0",addLogger=1)
wls> exit()

Verify that there are now TRACE entries written to the OAM managed server diagnostic log. The log file location is: OAM_MW_HOME/user_projects/domains/DOMAIN_NAME/servers/OAM_MGD_SERVER_NAME/logs


To return the logging level to default run setLogLevel again with level='NOTIFICATION:1' or restart the OAM managed server.
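
The WebGate procedure in items 1 and 2 above (the same backup, edit and revert steps as the 10g and 11g WebGate sections of the post further up this page), written as a script. This is an added example, not part of the original posts or of Oracle's tooling; the function names, the .orig backup suffix and the sample file are assumptions of the example.

```shell
#!/bin/sh
# Added example (not Oracle tooling): apply and revert the WebGate TRACE change
# with a backup, touching only the two parameters the steps name.
# Assumption: a NameValPair's Value follows its ParamName on the same or a later
# line, as in the snippets on this page. Every BUFFER_SIZE entry is changed.

# Constructed sample; the LOG_LEVEL entry stands in for the "other LOGLEVEL
# settings" that must stay untouched, and 65535 is a made-up starting value.
sample_oblog() {
    cat <<'EOF'
<SimpleList>
    <NameValPair
        ParamName="LOG_THRESHOLD_LEVEL"
        Value="LOGLEVEL_WARNING"></NameValPair>
</SimpleList>
<NameValPair ParamName="LOG_LEVEL" Value="LOGLEVEL_WARNING"></NameValPair>
<NameValPair
    ParamName="BUFFER_SIZE"
    Value="65535"></NameValPair>
EOF
}

# get_param FILE NAME: print the Value of the first NameValPair called NAME.
get_param() {
    awk -v p="$2" '
        index($0, "ParamName=\"" p "\"") { hit = 1 }
        hit && match($0, /Value="[^"]*"/) {
            print substr($0, RSTART + 7, RLENGTH - 8); exit
        }' "$1"
}

# enable_trace FILE: keep the first backup, then set
# LOG_THRESHOLD_LEVEL=LOGLEVEL_TRACE and BUFFER_SIZE=4.
enable_trace() {
    f=$1
    [ -f "$f.orig" ] || cp -p "$f" "$f.orig" || return 1
    awk '
        /ParamName="LOG_THRESHOLD_LEVEL"/ { want = "LOGLEVEL_TRACE" }
        /ParamName="BUFFER_SIZE"/         { want = "4" }
        want != "" && /Value="[^"]*"/ {
            sub(/Value="[^"]*"/, "Value=\"" want "\""); want = ""
        }
        { print }' "$f.orig" > "$f.new" || return 1
    cat "$f.new" > "$f" && rm -f "$f.new"   # keeps the file's owner and mode
}

# disable_trace FILE: put the backup back and drop it.
disable_trace() {
    [ -f "$1.orig" ] || return 1
    cat "$1.orig" > "$1" && rm -f "$1.orig"
}

# trace_enabled FILE: exit status 0 while TRACE is still switched on.
trace_enabled() {
    [ "$(get_param "$1" LOG_THRESHOLD_LEVEL)" = "LOGLEVEL_TRACE" ]
}
```

trace_enabled can be run from a scheduled job to report a WebGate that was left at TRACE after troubleshooting.
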

Regards,
Arihant Baid

How to enable the /cgi-bin/printenv in OAM?

Steps

1) Go to the following location

/app/oracle/middleware/user_projects/domains/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1/cgi-bin/

Update the permission of printenv to 775

2) Run which perl, copy the path and update it in the first line of printenv.

[oracle@oracle cgi-bin]$ cat printenv
#!/usr/bin/perl
##
##  printenv -- demo CGI program which just prints its environment
##

print "Content-type: text/plain\n\n";
foreach $var (sort(keys(%ENV))) {
    $val = $ENV{$var};
    $val =~ s|\n|\\n|g;
    $val =~ s|"|\\"|g;
    print "${var}=\"${val}\"\n";
}



3) Run printenv and verify it's working

4) Now try accessing a protected URL

http://oracle.demo.com:7777/protected/protected.html

It will redirect to the OAM login page. Provide the login details, and we get the protected page.

5) Now try accessing the URL below in another tab

http://oracle.demo.com:7777/cgi-bin/printenv



Thanks,
Arihant Baid






LDAP: error code 53 - User passwords may not be provided in pre-encoded

Error:

LDAP: error code 53 - User passwords may not be provided in pre-encoded form OUD

Solution:

Go to /app/oracle/middleware/asinst_1/OUD/bin and run the command below

./dsconfig -h localhost -p 4444 -D "cn=Directory manager" -X set-password-policy-prop --policy-name "Default Password Policy" --set allow-pre-encoded-passwords:true --advanced

Regards,
Arihant

How to find the version and patch Inventory for 12.2.1.3.x Oracle Identity Governance

Steps to capture the WebLogic, OIM and SOA patch inventory.

Option 1

[oracle@arihant.com bin]$ pwd
/u01/app/oracle/fmw/user_projects/domains/base_domain/bin
[oracle@arihant.com bin]$ . set
setDomainEnv.sh     setNMJavaHome.sh    setSOADomainEnv.sh  setStartupEnv.sh
[oracle@arihant.com bin]$ . setDomainEnv.sh
*****************************************************
** Setting up SOA specific environment...
*****************************************************
EXTRA_JAVA_PROPERTIES= -da:org.apache.xmlbeans...
.
LD_LIBRARY_PATH=::/u01/app/oracle/fmw/wlserver/server/native/linux/x86_64:/u01/app/oracle/fmw/wlserver/server/native/linux/x86_64/oci920_8
.
*****************************************************
** End SOA specific environment setup
*****************************************************
[oracle@arihant.com base_domain]$ cd bin/
[oracle@arihant.com bin]$ cd $MW_HOME/oui/bin
[oracle@arihant.com bin]$ pwd
/u01/app/oracle/fmw/oui/bin
[oracle@arihant.com bin]$ ./viewInventory.sh > fullInventory.txt
[oracle@arihant.com bin]$ vi fullInventory.txt
[oracle@arihant.com bin]$ pwd
/u01/app/oracle/fmw/oui/bin
[oracle@arihant.com bin]$

Option 2

[oracle@arihant.com OPatch]$ pwd
/u01/app/oracle/fmw/OPatch
[oracle@arihant.com OPatch]$ export ORACLE_HOME=/u01/app/oracle/fmw
[oracle@arihant.com OPatch]$ ./opatch lspatches
26355633;One-off
26287183;One-off
26261906;One-off
26051289;One-off

OPatch succeeded.

Option 3

[oracle@arihant.com OPatch]$ ./opatch lsinventory
Oracle Interim Patch Installer version 13.9.2.0.0
Copyright (c) 2017, Oracle Corporation.  All rights reserved.

Oracle Home       : /u01/app/oracle/fmw
Central Inventory : /home/oracle/oraInventory
   from           : /u01/app/oracle/fmw/oraInst.loc
OPatch version    : 13.9.2.0.0
OUI version       : 13.9.2.0.0
Log file location : /u01/app/oracle/fmw/cfgtoollogs/opatch/opatch2017-10-19_11-49-30AM_1.log

OPatch detects the Middleware Home as "/u01/app/oracle/fmw"

Lsinventory Output file location : /u01/app/oracle/fmw/cfgtoollogs/opatch/lsinv/lsinventory2017-10-19_11-49-30AM.txt

--------------------------------------------------------------------------------
Local Machine Information::
Hostname: arihant.com.
ARU platform id: 226
ARU platform description:: Linux x86-64

Interim patches (4) :

Patch  26355633     : applied on Tue Oct 03 19:30:56 EDT 2017
Unique Patch ID:  21447583
Patch description:  "One-off"
   Created on 1 Aug 2017, 21:40:20 hrs UTC
   Bugs fixed:
     26355633

Patch  26287183     : applied on Tue Oct 03 19:30:35 EDT 2017
Unique Patch ID:  21447582
Patch description:  "One-off"
   Created on 1 Aug 2017, 21:41:27 hrs UTC
   Bugs fixed:
     26287183

Patch  26261906     : applied on Tue Oct 03 19:30:07 EDT 2017
Unique Patch ID:  21344506
Patch description:  "One-off"
   Created on 12 Jun 2017, 23:36:08 hrs UTC
   Bugs fixed:
     25559137, 25232931, 24811916

Patch  26051289     : applied on Tue Oct 03 19:29:51 EDT 2017
Unique Patch ID:  21455037
Patch description:  "One-off"
   Created on 31 Jul 2017, 22:11:57 hrs UTC
   Bugs fixed:
     26051289

--------------------------------------------------------------------------------

OPatch succeeded.
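
The lsinventory layout above can be checked mechanically against a list of required fixes. The following parser is an added example, not part of OPatch or of the original post; the function names are hypothetical, the sample is a constructed excerpt in the layout shown above, and treating an ID listed under "Bugs fixed" as present is an assumption of the example.

```shell
#!/bin/sh
# Added example (not part of OPatch): turn `opatch lsinventory` text into
# one record per interim patch and check a list of required fixes against it.
# Assumption: a fix counts as present if it is an applied patch or a fixed bug.

# Constructed sample: two patch entries in the layout of the output above.
sample_inventory() {
    cat <<'EOF'
Interim patches (2) :

Patch  26355633     : applied on Tue Oct 03 19:30:56 EDT 2017
Unique Patch ID:  21447583
Patch description:  "One-off"
   Created on 1 Aug 2017, 21:40:20 hrs UTC
   Bugs fixed:
     26355633

Patch  26261906     : applied on Tue Oct 03 19:30:07 EDT 2017
Unique Patch ID:  21344506
Patch description:  "One-off"
   Created on 12 Jun 2017, 23:36:08 hrs UTC
   Bugs fixed:
     25559137, 25232931, 24811916

OPatch succeeded.
EOF
}

# parse_lsinventory: stdin = lsinventory text, stdout = id|applied on|bug,bug,...
parse_lsinventory() {
    awk '
    function emit() {
        if (id == "") return
        gsub(/^ +| +$/, "", bugs); gsub(/ +/, ",", bugs)
        print id "|" applied "|" bugs
    }
    /^Patch +[0-9]+ +: applied on / {
        emit(); id = $2; bugs = ""; inbugs = 0
        sub(/^.*applied on /, ""); applied = $0; next
    }
    /^ *Bugs fixed:/ { inbugs = 1; next }
    inbugs && /^ *[0-9][0-9, ]*$/ {   # tolerate a list continued on the next line
        gsub(/[ ,]+/, " "); bugs = bugs $0; next
    }
    { inbugs = 0 }
    END { emit() }'
}

# missing_fixes ID...: stdin = lsinventory text. Prints each required ID that is
# neither an applied patch number nor a fixed bug; returns 1 if any is missing.
missing_fixes() {
    have=$(parse_lsinventory | awk -F'|' '{
        print $1; n = split($3, b, ","); for (i = 1; i <= n; i++) print b[i] }')
    miss=0
    for want in "$@"; do
        printf '%s\n' "$have" | grep -qx -- "$want" || { echo "$want"; miss=1; }
    done
    return "$miss"
}

# Usage (hypothetical script name): ./opatch lsinventory | sh check_fixes.sh ID...
if [ $# -ge 1 ]; then missing_fixes "$@"; fi
```
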


-Arihant

oracle.iam.platform.utils.NoSuchServiceException: java.lang.reflect.InvocationTargetException


ERROR:

Exception in thread "main" oracle.iam.platform.utils.NoSuchServiceException: java.lang.reflect.InvocationTargetException
at oracle.iam.platform.OIMClient.getServiceDelegate(OIMClient.java:282)
at oracle.iam.platform.OIMClient.getService(OIMClient.java:259)
at oimcode.ClosePendingRequests.closeReq(ClosePendingRequests.java:64)
at oimcode.ClosePendingRequests.main(ClosePendingRequests.java:57)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at oracle.iam.platform.OIMClient.getServiceDelegate(OIMClient.java:278)
... 3 more
Caused by: java.lang.NoClassDefFoundError: org/eclipse/persistence/indirection/ValueHolderInterface
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:169)
at $Proxy2.<clinit>(Unknown Source)
at sun.reflect.GeneratedSerializationConstructorAccessor22.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.io.ObjectStreamClass.newInstance(ObjectStreamClass.java:924)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1736)

Solution:

  1. Copy eclipselink.jar from /app/oracle/middleware/oracle_common/modules/oracle.toplink_11.1.1/eclipselink.jar
  2. Add the jar file to your project.
  3. Re-run the code.
-Arihant