As I mentioned earlier, we wanted to upgrade from IDM 10.1.4.0.1 to IDM 10.1.4.2 because we had some issues accessing the Partner Applications Administration page. WNA works well with the older version, but we had a major issue with WNA once we upgraded to IDM 10.1.4.2: it actually stops working, and there are no workarounds as per Oracle Support. This is what they have to say:
"Current versions of OID are only certified with the shipped JDK version. Certification for JDK version 1.4.2_18 and OID is expected to be available in future AS/OID 10.1.4.3.0 Patchset (not ETA available)."
So we have to revert to the same working old version, 10.1.4.0.1, until we have the official release of 10.1.4.3.0.
Happy Troubleshooting !!!
Monday, October 20, 2008
Force All Application users to Change their password
This is available starting in RUP4.
Requires Patch 4676589 ATG RUP 4.
The script to expire all passwords in the fnd_user table is $FND_TOP/patch/115/sql/AFCPEXPIRE.sql.
It can be executed from SQL*Plus or as a Concurrent Program: sqlplus -s APPS/ @AFCPEXPIRE.sql
or Submit concurrent request: CP SQL*Plus Expire FND_USER Passwords
This script sets the fnd_user.password_date to null for all users which causes all user passwords to expire. It can also be run as a SQL*Plus concurrent program.
The user will need to create a new password upon the next login.
Happy Troubleshooting !!!
Tuesday, September 16, 2008
No Responsibilities Are Available For The Given Connection Details At Login
We had a weird issue today after the upgrade. Some of the users complained that after upgrading to Discoverer version 10.1.2.2 they were not able to log in and were getting the error "No Responsibilities Are Available For The Given Connection Details At Login". This was strange to us too, as some of them were able to log in and some were not. I tested their logins, responsibility end dates, etc. Then I thought of checking for a bug and went to Metalink. And what do you know, it's a bug: it is mentioned in Note 466188.1, which suggests applying patch 6146747 (47MB). But we did not have time to apply this patch while production was live, so we needed to find a workaround. Guess what? Nothing big: we just added the "Notification" responsibility to all users having only one responsibility against their username. So we made a fool of the bug and it worked :-)
Happy Troubleshooting !!!
BIB-7000 Cannot access X Server
We had this issue while we did the 11.5.10.2 upgrade last week. It was a hectic weekend, but with the help of my partner Apps DBA we made it easy and delivered the instance 11 hrs before the actual outage. So, coming to the issue: I mentioned in one of my previous posts the Xvfb setup on our production env admin node. The DISPLAY variable is working fine and we didn't have any issues with DISPLAY, but we were getting the "BIB-7000 Cannot access X Server" message while accessing graphs in Workflow pages from OAM.
While investigating, we realized this error was coming from the Application tier, where we did not have a setting for DISPLAY, or I can say it was set to somewhere else which was not working. As we didn't want to run Autoconfig again, we changed the DISPLAY variable in the jserv.properties file to our admin node display setting and bounced Apache. Voila, it worked.
Happy Troubleshooting !!!
Thursday, September 11, 2008
WNA Config with IDM version 1.4.0.1
The last part we missed in our 10g iAS integration setup was configuring WNA (Windows Native Authentication) using Kerberos, which helps you avoid any challenge related to credentials. Here we go:
1. Have the Solaris administrator update the krb5.conf file as below
[libdefaults]
default_realm = DOMAINNAME.COM
clockskew = 300
[realms]
DOMAINNAME.COM = {
kdc = activedirectoryservername.com
kdc = activedirectoryservername.com
}
[domain_realm]
.domainname.com = DOMAINNAME.COM
domainname.com = DOMAINNAME.COM
2. Have the AD administrator create a service account for the OracleAS Single Sign-On server in Microsoft Active Directory. The AD administrator will then need to create a keytab file for the server and map the service principal (the server) to the account name. The keytab file stores the server's secret key; this file enables the server to authenticate to the KDC. The service principal is the entity, in this case the single sign-on server, to which the KDC grants session tickets. The keytab file is generated using the ktpass command executed on the AD host.
Ktpass.exe /princ HTTP/@DOMAINNAME.COM
/mapuser
/pass
/mapop set
+desonly
/ptype KRB5_NT_PRINCIPAL
/kvno 1
/crypto DES-CBC-CRC
/out sso.keytab
The AD Administrator will provide the keytab file which needs to be “binary” ftp’d or copied to SSO mid-tier (where OC4J_SECURITY runs) in $ORACLE_HOME/j2ee/OC4J_SECURITY/config directory.
3. Back up the following SSO files:
$ORACLE_HOME/sso/conf/policy.properties
$ORACLE_HOME/j2ee/OC4J_SECURITY/config/jazn.xml
$ORACLE_HOME/j2ee/OC4J_SECURITY/config/jazn-data.xml
$ORACLE_HOME/j2ee/OC4J_SECURITY/applications/sso/web/WEB-INF/web.xml
$ORACLE_HOME/j2ee/OC4J_SECURITY/application-deployments/sso/orion-application.xml
$ORACLE_HOME/opmn/conf/opmn.xml
4. Configure WNA using ossoca.jar
$ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/sso/lib/ossoca.jar wna \
-mode sso \
-oh $ORACLE_HOME \
-ad_realm DOMAINNAME.COM \
-kdc_host_port \
-verbose
Check login to https://hostname.domainname.com:4443/pls/orasso and click login. It should take you in without any challenge. If it works, you are done.
Happy Troubleshooting !!!