Showing posts with label context file. Show all posts

Friday, November 27, 2015

adop fs_clone/prepare fails with [UNEXPECTED]Invalid worker Count: 0

We recently added a node to our current EBS application. As part of the node addition steps, tried to executed adop phase=fs_clone but it failed immediately with errors.

Enter the APPS password:
Enter the SYSTEM password:
Enter the WLSADMIN password:
Validating credentials.
Initializing.
    Run Edition context : /app/EBD//fs2/inst/apps/EBD_oraapp01/appl/admin/EBD_oraapp01.xml
    Patch edition context: /app/EBD//fs1/inst/apps/EBD_oraapp01/appl/admin/EBD_oraapp01.xml
    Patch file system free space: 41.85 GB
Validating system setup.
    [UNEXPECTED]Invalid worker Count: 0
    [UNEXPECTED]Error validating worker count

Later tried to assign worker count of value 8 manually as below but it also failed
$ adop phase=fs_clone workers=8

Validating credentials.
Initializing.
    Run Edition context : /app/EBD//fs2/inst/apps/EBD_oraapp01/appl/admin/EBD_oraapp01.xml
    Patch edition context: /app/EBD//fs1/inst/apps/EBD_oraapp01/appl/admin/EBD_oraapp01.xml
    Patch file system free space: 41.85 GB
    [UNEXPECTED]Specified value 8 is not supported by the database.
    [UNEXPECTED]A maximum of 1 workers can be invoked.
    [UNEXPECTED]Error validating worker count

Observed the same issue with prepare phase as well.

Solution:
The default worker count information(recomm & max) is stored in a file adpawc.xml that can be found under $APPL_TOP/admin/$TWO_TASK/log

Somehow this file has been modified with recommended value as 0 and max value as 1 during node addition.

FileContent:
<?xml version="1.0"?>
<WORKER_COUNT>
        <RECOMMENDED>0</RECOMMENDED>
        <MAX>1</MAX></WORKER_COUNT>

Update recommended & max value based on cpu count.

Here I updated recommended value as 8 and max value as 64 and saved the file.

Once the changes are made, fs_clone went smoothly.

Saturday, November 7, 2015

adop fs_clone failed after cutover port issue

Issue:

FS_CLONE failed during vallidation and below are errors in Validation logfiles
Started execution   : ADOPValidations.java
Node Name                       File Edition                    Port Name                       Port Value
----------------------------------------------------------------------------------------------------------------------------
ebs001                      run                     s_java_object_cache_port                        12366
ebs002                      run                     s_java_object_cache_port                        12367
ebs001                      patch                   s_java_object_cache_port                        12366
ebs002                      patch                   s_java_object_cache_port                        12367

ERROR:
The following ports are out of sync on RUN Edition-> [s_java_object_cache_port]
Corrective Action: update the context files so that all the erroneous ports have same value across all nodes
and run AutoConfig to sync with the value in the database.
The following ports are out of sync on PATCH Edition-> [s_java_object_cache_port]
Corrective Action: update the context files so that all the erroneous ports have same value across all nodes
and run AutoConfig with the -syncctx option to sync with the value in the database.

Fix:
There is a port mismatch for variable s_java_object_cache_port. Based on port pool, values should be as below:
Node Name                       File Edition                    Port Name                       Port Value
----------------------------------------------------------------------------------------------------------------------------
ebs001                      run                     s_java_object_cache_port                        12367
ebs002                      run                     s_java_object_cache_port                      12367
ebs001                      patch                   s_java_object_cache_port                       12366
ebs002                      patch                   s_java_object_cache_port                    12366

1) On ebs001 update run context file with correct port value 12367 & run autoconfig.sh
2) On ebs002 update patch contextfile and and adconfig with syncctc option as below
$ sh $AD_TOP/bin/adconfig.sh contextfile=$CONTEXT_FILE -syncctx

Tuesday, September 1, 2015

fs_clone failed during adopValidations

Issue

Found the below errors in the adop validation file.. adopValidations_detailed.log under $ADOP_LOG_DIR/3/fs_clone_XXX/

-----------------------------

ERROR: The following required ports are in use:

-----------------------------

7812 : Managed Server Port 11

7412 : Managed Server Port 7

7612 : Managed Server Port 5

7212 : Managed Server Port 3

Corrective Action: Free the listed ports and retry the adop operation.

Completed execution : ADOPValidations.java

Found that Patch Context File in Database has incorrect port number for Admin Servers, Managed ports.

Fix:

Updated the correct ports in context file and uploaded context file to database.

$ADJVAPRG oracle.apps.ad.autoconfig.oam.CtxSynchronizer action=upload contextfile=<Path of Context File> logfile=/tmp/patchctxupload15.log

Wednesday, April 1, 2015

Site Name profile in 12.2

We generally define “Site Name” profile at site level to identify forms session distinctly when we have multiple EBS Sessions. In prior releases upto 12.1.3 this can be directly modified and the change remains permanent until you make changes manually.

From 12.2, Oracle changed the way how it is handled. The value of Site Name defaults to parameter value s_sitename defined in context file. So, whenever we execute autoconfig it overwrites “Site Name” with s_sitename parameter

The script that updates the value when autoconfig is ran: $INST_TOP/admin/install/txkappsprf.sql

In order to customize the change according to our requirement we can perform steps as below:

1) Identify the template file that needs to be customized.

$AD_TOP/bin/adtmplreport.sh contextfile=$CONTEXT_FILE target=$INST_TOP/admin/install/txkappsprf.sql

This script provides log file which gives template file details:

TEMPLATE FILE : /u01/tech_st/fs1/EBSapps/appl/fnd/12.0.0/admin/template/txkappsprf.sql

TARGET FILE : /u01/tech_st/fs1/inst/apps/endecebs_endecaapps/admin/install/txkappsprf.sql

2) Navigate to TEMPLATE File location $FNS_TOP/template and create directory “custom”

$ mkdir custom

3) Switch to “custom” directory and copy the template file to this location.

4) Edit the content of this newly copied file txkappsprf.sql under $FND_TOP/admin/template/custom as below

DEFINE SITE_NAME = "%s_sitename%"

DEFINE SITE_NAME = "<Your customized message>"

After these changes are made whenever you run autoconfig, the Site Name will be updated based on your custom template file. This can be added to your post clone steps based on your requirements.

Friday, August 29, 2014

FRM-92101 - There was a failure in the Forms Server during startup. This could happen due to invalid configuration.

FRM-92101 - Unable to Launch EBS & Discoverer in Same Browsers

Issue :

Getting error frm-92101: There was a failure in the Forms Server during startup. This could happen due to invalid configuration.

Unable to launch EBS and Discoverer plus applications together from Internet Explorer. This issue is occurring only if both Discoverer and EBS services are running on same server.

Issue occurs when we launch them together as below

Launch EBS URL and launch any forms

Then now open a new tab and launch discoverer URL

Then EBS Forms fail with below error message.

And we can see below error messages in java console

oracle.forms.net.ConnectionException: 500

    at oracle.forms.net.ConnectionException.createConnectionException(Unknown Source)

    acache: Read manifest for https://ebs.domain.com:4443/OA_JAVA/oracle/apps/fnd/jar/fndewt.jar: read=45 full=87491

java.io.EOFException

    at java.io.DataInputStream.readUnsignedByte(Unknown Source)



Then later when we close and retry to launch forms it still fails with frm-92101 message as below

Below is the error recorded in application.log file

Unable to switch to Working Directory: /u01/oravis /apps/tech_st/10.1.3/forms

14/08/28 18:37:22.839 formsweb: Forms session <5> failed during startup: no response from runtime process

Cause

This issue is occurring because of improper handling path variable when a discoverer is launched. When EBS application is launched it sets JSESSIONID cookie with a restriction of path= /OA_HTML so that this is restricted to EBS Applications. But when the discoverer application is launched it is setting JSESSIONID without any restriction.

This makes that the DISCOVERER JSESSIONID cooke is also passed with request send to EBS server and since DISCOVERER lacks the "path=/discoverer" when setting the cookie the HTTP requests for Forms Servlet receive an 'unexpected' JSESSIONID cookie value and fail with the error.

EBS http:

Set-Cookie: JSESSIONID=3c3046608609362f0bfe2e0ffc36096ef65ada33c71207aac7f9a4cc881ea06a.e3qPc3mMa34Ne34TahyLa3iKaN50; path=/OA_HTML; secure

Discoverer http:

Set-Cookie: JSESSIONID=hHq6TnsdMJhJlQvTk4nRTjSh2x00BKphgT6ktw376Xx1V30L1DfX!1397667650; domain=.domain.com; path=/; secure; HttpOnly

Solution:

There are two workarounds to prevent this issue

Workaround 1:

This workaround fixes issue of launching both forms and discoverer together but this restricts users launching more than one forms for their activity

In the $CONTEXT_FILE change
<forms_tracking_cookies oa_var="s_forms_tracking_cookies">disabled</forms_tracking_cookies>
to
<forms_tracking_cookies oa_var="s_forms_tracking_cookies">enabled</forms_tracking_cookies>

Run autoconfig to reflect changes and bounce application services.

(or)

If autoconfig execution cannot be performed rightway, update orion-web.xml file under $INST_TOP/ora/10.1.3/j2ee/forms/application-deployments/forms/formsweb

<session-tracking cookies="disabled" />

to

<session-tracking cookies="enabled" />

Bounce opmn services using adopmnctl.sh

Workaround 2:

This workaround is most suggestable than prior and this is performed on Discoverer side and this changes make the discoverer to restrict usage of its JSessionid cookie.

Need to add following entries to weblogic.xml file of discoverer.war file.

<session-descriptor>
<cookie-name>JSESSIONID</cookie-name>
<cookie-path>/discoverer</cookie-path>
</session-descriptor>

The below are the files that needs to be modified with above changes. The paths may not be exact but should be similar as below

$DOMAIN_HOME/servers/<DomainName>/tmp/_WL_user/oracle.discoverer/yn4f2j/WEB-INF/weblogic.xml
$DOMAIN_HOME /servers/<DomainName>/tmp/_WL_user/discoverer_11.1.1.2.0/51oeh7/war/WEB-INF/weblogic.xml

Once the changes are done reploy discoverer.ear using fusion middleware console

Login FMW Console, click on “Lock & Edit” and go to Deployments -> Select Discoverer (11.1.1.X.0) -> Click on Update -> Select “Redeploy this application using the following deployment files” -> Next -> Finish -> “Activate Changes”

Bounce opmnctl services

Now you should be able to launch both EBS and discoverer without any restrictions

Wednesday, May 28, 2014

Enable SSL for EBS R12

Hi All,

This post assists in configuring SSL for EBS R12 from command line using orapki rather than owm utility. This illustrates example for self signed certificates.

This involves below series of steps to setup SSL.

Create New Wallet
Create a Certificate Request
Upload Certificate to Wallet
Modify the OPMN wallet
Import certs to cacerts
Update the Context File
Settings for DB Tier

Create New Wallet

Login EBS Application server and source using environment file (APPS<sid_machine>.env) located in the APPL_TOP directory.

Navigate to the $INST_TOP/ora/10.1.3 and source the env file to set your 10.1.3 ORACLE_HOME variables.
Navigate to the $INST_TOP/certs/Apache directory.
Take backup of existing wallet files to a backup directory.
Create New wallet using orapki utility as below

bash-4.1$ cd $INST_TOP/Apache

bash-4.1$ orapki wallet create -wallet . -auto_login -pwd apps123

bash-4.1$ ls -ltr

total 16

-rw------- 1 oracle dba 7912 Apr 15 13:33 ewallet.p12

-rw------- 1 oracle dba 7940 Apr 15 13:33 cwallet.sso

Create a Certificate Request
Create new certificate request file by passing appropriate details as input which is used for generating a SSL Certificate.

Below are the details required to be passed to generate csr file.

Common Name name of server with domain, e.g. mylinux.domain.com
Organizational Unit: The unit within your organization, e.g. HR
Organization: is the name of your organization, e.g. Home
Locality/City: is your locality or city, e.g. New York
State/Province: is the full name of your State or Province - do not abbreviate,

Country: Select country from drop down list, e.g. USA

Keysize: Encryption level and min is 1024, recommended value - 2048

Use command as below to generate certificate request file and export it.

$ orapki wallet add -wallet . -dn "CN=mylinux.domain.com,OU=HR,O=Home,L=New york,ST=Newyork,C=USA" -keysize 2048 -pwd apps123

$ orapki wallet add -wallet . -dn "CN=mylinux.domain.com,OU=HR,O=Home,L=New york,ST=Newyork,C=USA" -keysize 2048 -request server.txt -pwd apps123

Verify the certificate request file from wallet as below.

$ cd $INST_TOP/certs/Apache/

$ orapki wallet display -wallet .

Requested Certificates:

Subject: CN=mylinux.domain.com,OU=HR,O=Home,L=New york,ST=Newyork,C=USA ß File requested

User Certificates:

Trusted Certificates:

Subject: CN=GTE CyberTrust Root,O=GTE Corporation,C=US

Subject: OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Subject: OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Subject: OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US

Subject: CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Then submit the generated request file(server.txt) to Certifying authority to request a self-signed certificate.

Upload Certificate to Wallet

As the certificate provided is self signed, once Certifying authority provides Self-signed Server Certificate we need additional certificates to import them to the wallet. We need to download root certificate, intermediate certificates to import server certigficate to wallet.

Note: Save certificate in base-64 format.

Once certificate is received save the file as server.crt in ($INST_TOP/certs/Apache). Also import all the root certificates of this certificate and save certificates with necessary conventions as below.

Root Certifciate - ca.crt

Intermediate Certificate - intermediate_base64.cer

Server.crt - server_base64.cer

Root & Intermediate certificates can be obtained from Internal Certifying authority if you are using self signed certificates.

Ftp the certificate files to the server and place them in $INST_TOP/certs/Apache directory.
Upload these certificates to Wallet using commands as below.

bash-4.1$ cd $INST_TOP/certs/Apache

$ orapki wallet add -wallet . -trusted_cert -cert SSL/ca.crt -pwd apps123

$ orapki wallet add -wallet . -trusted_cert -cert SSL/intermediate_base64.cer -pwd apps123

$ orapki wallet add -wallet . -user_cert -cert SSL/123080_base64_certificate.cer -pwd apps123

Display Wallet contents and you should see all the certificates uploaded to wallet.

bash-4.1$ orapki wallet display -wallet .

Requested Certificates:

User Certificates:

Subject: CN=mylinux.domain.com,OU=HR,O=Home,L=New york,ST=Newyork,C=USA

Trusted Certificates:

Subject: CN=GTE CyberTrust Root,O=GTE Corporation,C=US

Subject: OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Subject: CN=Intermediate Authority,O=Home,C=US

Subject: OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US

Subject: CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Subject: OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Subject: CN=Home Root Certificate Authority,O=Home

We need to import root & intermediate certificates to b64InternetCertificate.txt file located in the 10.1.2 ORACLE_HOME/sysman/config directory.

$ cd $INST_TOP/certs/Apache/

$ cat SSL/ca.crt >>$ORACLE_HOME/sysman/config/b64InternetCertificate.txt ß root cert

$ cat SSL/infra_intermediate_base64.cer >>$ORACLE_HOME/sysman/config/b64InternetCertificate.txt ß Inter cert

$ cat SSL/Infra_East_Base64.cer >> $ORACLE_HOME/sysman/config/b64InternetCertificate.txt ßInter cert

Modify the OPMN wallet

As default opmn wallet comes with demo wallet files, these should be now replace with newly created wallets as below.

Navigate to the $INST_TOP/certs/opmn directory.
Create a new directory named BAK
Move the ewallet.p12 and cwallet.sso files to the BAK directory just created.
Copy the ewallet.p12 and cwallet.sso files from the $INST_TOP/certs/Apache directory to the $INST_TOP/certs/opmn directory.

$ cd $INST_TOP/certs/opmn

$ mkdir BAK

$ mv * BAK/

$ cp ../Apache/ewallet.p12 .

$ cp ../Apache/cwallet.sso .

Import certs to cacerts
Now the new certificates files needs to be uploaded to cacerts under $OA_JRE_TOP/security/lib for proper functioning of XML Piublisher, OPP, etc.,

Navigate to the $OA_JRE_TOP/lib/security directory
Backup the existing cacerts file.

cd $OA_JRE_TOP/lib/security

cp cacerts cacerts.orig

Copy your ca.crt and server.crt files to this directory and issue the following command to insure that cacerts has write permissions:

$ chmod u+w cacerts

5. Add your Apache ca.crt and server.crt to cacerts as below.

bash-4.1$ cd -

/oracle/orainst1/d112uk/inst/apps/d112uk_camcfnldap01/certs

bash-4.1$ cd Apache/SSL/

bash-4.1$ ls

Server_base64_certificate.cer ca.crt intermediate_base64.cer

bash-4.1$ cat intermediate_base64.cer >> ca.crt

bash-4.1$ cp -pr ca.crt $OA_JRE_TOP/lib/security

bash-4.1$ cp -pr Server_base64_certificate.cer $OA_JRE_TOP/lib/security

bash-4.1$ cd $OA_JRE_TOP/lib/security

$ keytool -import -alias ApacheRootCA_2048 -file ca.crt -trustcacerts -v -keystore cacerts

When prompted enter the keystore password (default password is changeit).

$ keytool -import -alias ApacheServer_2048 -file 123080_base64_certificate.cer -trustcacerts -v -keystore cacerts

Trust this certificate? [no]: Yes

Certificate was added to keystore

Update the Context File

Backup existing context file under $INST_TOP/appl/admin/<db>_<server>.xml
Modify all below variables in the context file and save it.

SSL Related Variables in the Context File
Variable	Non-SSL Value	SSL Value
s_url_protocol	http	https
s_local_url_protocol	http	https
s_webentryurlprotocol	http	https
s_active_webport	same as s_webport	same as s_webssl_port
s_webssl_port	not applicable	4443 (port pool 0)
s_https_listen_parameter	not applicable	same as s_webssl_port
s_login_page	http://mylinux.domain.com:8000/OA_HTML/AppsLogin	https://mylinux.domain.com:4443/OA_HTML/AppsLogin
s_external_url	http://mylinux.domain.com:8009	https://mylinux.domain.com:4443

Run autoconfig using adautocfg.sh file.
Restart the middle tier services.

Settings for DB Tier

To enable SSL on the Database Tier, We need to import server certificate,ca.crt (and intca.crt if it exists) by creating an empty wallet.

Connect to database and find the wallet location as below.

SQL> select fnd_profile.value('FND_DB_WALLET_DIR') from dual

SQL> /

FND_PROFILE.VALUE('FND_DB_WALLET_DIR')

--------------------------------------------------------------------------------

/oracle/u011/mydb/db/tech_st/11.2.0/appsutil/wallet

After setting your environment for the database tier, navigate to the $ORACLE_HOME/appsutil directory.
Verify for directory waller, if It doesn’t exist create now.
Navigate to the newly created wallet directory.
Create a new empty wallet in this directory

orapki wallet create -wallet $ORACLE_HOME/appsutil/wallet -auto_login -pwd apps123

FTP the certificate files from application server to database server and import them into this newly created wallet as below.

bash-4.1$ pwd

/oracle/u011/mydb/db/tech_st/11.2.0/appsutil/wallet

$ orapki wallet add -wallet $ORACLE_HOME/appsutil/wallet -trusted_cert -cert root_base64.cer -pwd apps123

$ orapki wallet add -wallet $ORACLE_HOME/appsutil/wallet -trusted_cert -cert intermediate_base64.cer -pwd apps123

$ orapki wallet add -wallet $ORACLE_HOME/appsutil/wallet -trusted_cert -cert 123080_base64_certificate.cer -pwd apps123

Test the wallet created from above steps as below and it should return page content.

SQL> select UTL_HTTP.REQUEST

( url => fnd_profile.value('APPS_FRAMEWORK_AGENT')||'/OA_HTML/IRCRESUMEUK1.xsl',

proxy => hr_util_web.proxyForURL(fnd_profile.value('APPS_FRAMEWORK_AGENT')),

wallet_path=>'file:'||fnd_profile.value('FND_DB_WALLET_DIR'), wallet_password=>fnd_preference.eget('#INTERNAL','WF_WEBSERVICES','EWALLETPWD','WFWS_PWD'))

from dual;

The above query should return HTML output.

-- This completed SSL Setup