Tuesday, September 16, 2008

No Responsibilities Are Available For The Given Connection Details At Login

We had a weird issue today after an upgrade. Some of the users complained that after upgrading to Discoverer version 10.1.2.2 they were not able to log in and were getting the error "No Responsibilities Are Available For The Given Connection Details At Login". This was strange for us too, as some of them were able to log in and some were not. I tested their logins, responsibility end dates, etc. Then I thought of checking for a bug and went to Metalink. And what do you know, it is a bug: it is mentioned in Note 466188.1, which suggests applying patch 6146747 (47MB). But we did not have time to apply this patch while production was live, so we needed to find a workaround. Guess what? Nothing big: we just added the "Notification" responsibility to all users having only one responsibility against their username. So we made a fool of the bug and it worked :-)

Happy Troubleshooting !!!

BIB-7000 Cannot access X Server

We had this issue while we did the 11.5.10.2 upgrade last week. It was a hectic weekend, but with the help of my partner Apps DBA we made it easy and delivered the instance 11hrs before the actual outage. So, coming to the issue: I have mentioned in one of my previous posts the Xvfb setup on our production env admin node. The DISPLAY variable was working fine and we didn't have any issues with DISPLAY, but we were getting the "BIB-7000 Cannot access X Server" message while accessing graphs in Workflow pages from OAM.
While investigating, we realized this error was coming from the Application tier, where we did not have a setting for DISPLAY, or I can say it was set to somewhere else which was not working. As we didn't want to run Autoconfig again, what we did was change the DISPLAY variable in the jserv.properties file to our admin node DISPLAY setting and bounce Apache. Voilà, it worked.

Happy Troubleshooting !!!

Thursday, September 11, 2008

WNA Config with IDM version 1.4.0.1

The last part we missed in our 10g iAS integration setup was configuring WNA (Windows Native Authentication) using Kerberos, which helps you avoid any challenge related to credentials. Here we go:
1. Have the Solaris administrator update the krb5.conf file as below:
[libdefaults]
default_realm = DOMAINNAME.COM
clockskew = 300

[realms]
DOMAINNAME.COM = {
kdc = activedirectoryservername.com
kdc = activedirectoryservername.com
}
[domain_realm]
.domainname.com = DOMAINNAME.COM
domainname.com = DOMAINNAME.COM

2. Have the AD administrator create a service account for the OracleAS Single Sign-On server in Microsoft Active Directory. AD administrator will then need to create a keytab file for the server, and map the service principal (the server) to the account name. The keytab file stores the server's secret key. This file enables the server to authenticate to the KDC. The service principal is the entity, in this case, the single sign-on server, to which the KDC grants session tickets. The Keytab file is generated using KTPASS command executed on the AD host.

Ktpass.exe /princ HTTP/@DOMAINNAME.COM
/mapuser
/pass
/mapop set
+desonly
/ptype KRB5_NT_PRINCIPAL
/kvno 1
/crypto DES-CBC-CRC
/out sso.keytab

The AD Administrator will provide the keytab file which needs to be “binary” ftp’d or copied to SSO mid-tier (where OC4J_SECURITY runs) in $ORACLE_HOME/j2ee/OC4J_SECURITY/config directory.

3. Back up the following SSO files:
$ORACLE_HOME/sso/conf/policy.properties
$ORACLE_HOME/j2ee/OC4J_SECURITY/config/jazn.xml
$ORACLE_HOME/j2ee/OC4J_SECURITY/config/jazn-data.xml
$ORACLE_HOME/j2ee/OC4J_SECURITY/applications/sso/web/WEB-INF/web.xml
$ORACLE_HOME/j2ee/OC4J_SECURITY/application-deployments/sso/orion-application.xml
$ORACLE_HOME/opmn/conf/opmn.xml

4. Configure WNA using ossoca.jar

$OH/jdk/bin/java -jar $ORACLE_HOME/sso/lib/ossoca.jar wna \
-mode sso \
-oh $ORACLE_HOME \
-ad_realm DOMAINNAME.COM \
-kdc_host_port \
-verbose

Check the login at https://hostname.domainname.com:4443/pls/orasso and click login. It should take you in without any challenge. If it works, you are done.
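The ktpass options in step 2 (/crypto DES-CBC-CRC with +desonly) produce a keytab that holds only a single-DES key, an encryption type deprecated by RFC 6649. As an added example (not part of the original post), the Python below reads the MIT keytab file format and flags DES entries, so the file copied to the SSO mid-tier can be audited before use; the function names and the sample bytes with dummy all-zero keys are constructed for illustration.

```python
import struct

# Enctype numbers from the IANA Kerberos registry; 1-3 are single DES (RFC 6649).
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
WEAK = {1, 2, 3}

def _counted(buf, pos):  # uint16 length prefix, then that many bytes
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def _entry(data, pos, end):
    """Decode one entry; the key bytes are skipped over, never returned."""
    (ncomp,) = struct.unpack_from(">H", data, pos)
    names, p = [], pos + 2
    for _ in range(ncomp + 1):             # realm first, then name components
        s, p = _counted(data, p)
        names.append(s.decode())
    p += 8                                 # skip name_type and timestamp
    kvno, etype = struct.unpack_from(">BH", data, p)
    _key, p = _counted(data, p + 3)
    if end - p >= 4:                       # optional 32-bit kvno trailer
        kvno = struct.unpack_from(">I", data, p)[0] or kvno
    return {"principal": "/".join(names[1:]) + "@" + names[0], "kvno": kvno,
            "enctype": ENCTYPES.get(etype, str(etype)), "weak": etype in WEAK}

def parse_keytab(data):
    """List principal, kvno and enctype for each entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        if size > 0:                       # negative size marks a deleted slot
            entries.append(_entry(data, pos + 4, pos + 4 + size))
        pos += 4 + abs(size)
    return entries

def sample_entry(principal, realm, kvno, etype, key):
    """Build one constructed keytab entry for the demo (dummy key bytes)."""
    parts = [realm] + principal.split("/")
    body = struct.pack(">H", len(parts) - 1)
    body += b"".join(struct.pack(">H", len(s)) + s.encode() for s in parts)
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample: a DES-only entry as the ktpass options above yield, plus an AES one.
NAME, REALM = "HTTP/hostname.domainname.com", "DOMAINNAME.COM"
SAMPLE = (b"\x05\x02" + sample_entry(NAME, REALM, 1, 1, bytes(8))
          + sample_entry(NAME, REALM, 2, 18, bytes(32)))
```

Against a real file, pass the bytes of sso.keytab to parse_keytab and review every entry whose "weak" field is true.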

Happy Troubleshooting !!!

Friday, August 29, 2008

X-Windows

I encountered an issue which I had faced almost 6-7 yrs back. We had to do the installation of 10g iAS on one of the production servers and we were not able to run any X-windows tool like VNC on that box due to missing packages on that server. But we did not have time to look around for the unix guys and get this fixed.
So what are the options available to finish this task? This is how you can proceed. Find a box where VNC is running and run the following from this box to the one where VNC is not running:
ssh -X targethost -l username
It will prompt for the password for that user and, voilà, you are in. You have to have the ssh daemon running on the target host, otherwise it will not work. We completed our job and hope this helps others do their job on time.

Happy Troubleshooting !!!

Thursday, August 28, 2008

Oracle 10g SSO Integration with E-Biz 11.5.10.2 - Implementation-5

Now we are going to register the Oracle Ebiz instance with the recently set up OID server. Just before we move into apps, grab the orasso password from the IDM host via the following command:

$ORACLE_HOME/bin/ldapsearch -h hostname.domainname.com -p 389 -D "cn=orcladmin" -w password -b "cn=IAS,cn=Products,cn=OracleContext" -s sub -v "OrclresourceName=orasso" | grep orclpasswordattribute

Once you get the orasso password from OID, log in to the Application tier of Oracle EBiz, move to $FND_TOP/bin, and add $IAS_ORACLE_HOME/lib to the $LD_LIBRARY_PATH variable to avoid any errors while registering.

Run this command and provide the information required: $FND_TOP/bin/txkrun.pl -script=SetSSOReg
Enter the host name where Oracle iAS Infrastructure database is installed ?
Enter the Oracle iAS Infrastructure database port number ?
Enter the Oracle iAS Infrastructure database SID ?
Enter the LDAP Port on Oracle Internet Directory server ?
Enter Oracle E-Business apps database user password ?
Enter Oracle iAS Infrastructure database ORASSO schema password ?
Enter Oracle E-Business SYSTEM database user password ?
Enter E-Business Suite existing SSOSDK schema password or choose a password to use with the new SSOSDK schema if the schema does not exist ?
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ?
Enter the instance password that you would like to register this application instance with ?

Once all of the above required information is provided, you will see the output scroll up with:
----------------------------------------------------------------------------------------
*** ALL THE FOLLOWING FILES ARE REQUIRED FOR RESOLVING RUNTIME ERRORS
*** Log File = $OAD_TOP/rgf/SID/sso/txkSetSSOReg_Thu_Aug_28_04_31_58_2008.log
Program : $FND_TOP/bin/txkSetSSOReg.pl started @ Thu Aug 28 04:32:53 2008
*** Log File = $OAD_TOP/rgf/SID/sso/txkSetSSOReg_Thu_Aug_28_04_31_58_2008.log
######################## WARNING ########################################
This application works with SSOSDK version 9.0.2 or higher. If lower version(3.0.9) of SSOSDK was installed in your system and you have a registered partner application, this process will remove the 3.0.9 version of the SSOSDK schema and install the 9.0.2 version.
######################## WARNING ########################################
Beginning input parameter validation for SSO registration.
Beginning loading SSO SDK into database if necessary.
Loading of SSO SDK into database completed successfully.
Input parameter validation for SSO registration completed.
Beginning input parameter validation for OID registration.
Input parameters validation for OID registration completed.
BEGIN SSO REGISTRATION:
Beginning to register partner application.
Partner application has been registered successfully.
Single Sign-On partner application registered successfully.
BEGIN OID REGISTRATION:
Beginning to register Application and Service containers if necessary.
Application and Service containers were created successfully.
Beginning to register application in Oracle Internet Directory.
Registration of application in Oracle Internet Directory completed successfully.
Beginning to register instance password in Oracle Internet Directory.
Registration of instance password in Oracle Internet Directory completed successfully.
Beginning to test application registration in Oracle Internet Directory.
Testing of application registration in Oracle Internet Directory completed successfully.
Beginning to register provisioning profile in Oracle Internet Directory.
Registration of provisioning profile in Oracle Internet Directory completed successfully.
Application is now registered successfully with provisioning in Oracle Internet Directory.
End of $FND_TOP/bin/txkSetSSOReg.pl : No Errors encountered
--------------------------------------------------------------------------------------

Great, you are done registering your apps instance as a partner application with OID. Now if you try to access your Apps instance you will be challenged by SSO. You have to provide your AD username and password to get in.

Happy Troubleshooting !!!