Identity Store Configuration — setting in EM


Go to: Domain Name –> Right Click –> Identity Store Configuration –> then add the properties below

1) user.login.attr    –> uid

2) PROPERTY_ATTRIBUTE_MAPPING  –> GUID=uid

3) virtualize –> true

4) CONNECTION_POOL_CLASS  –> oracle.security.idm.providers.stdldap.JNDIPool — This comes default

=====================================================================================================

After adding the virtualize=true property, a side effect is that your domain logs may capture a high volume of libOVD warning messages.

To suppress these unwanted messages, perform the following steps:

Connect to the SOA domain:

connect('<admin user>','<admin password>','t3://<admin host>:<admin port>')

Run this command for each managed server:

setLogLevel(target='<managed server name>',logger='oracle.ods.virtualization',level='ERROR:1',addLogger=1)

Connect to the WCP domain:

connect('<admin user>','<admin password>','t3://<admin host>:<admin port>')

Run this command for each managed server:

setLogLevel(target='<managed server name>',logger='oracle.ods.virtualization',level='ERROR:1',addLogger=1)

**Restarts are not necessary.**
=====================================================================================

WebLogic Troubleshooting

1) Including the time-taken field in access.log
Console — Lock & Edit — Environment — Servers — managed server — Logging — HTTP — Advanced — Extended — Format, and type:

c-ip date time cs-method cs-uri sc-status bytes time-taken

Save and activate the changes, then repeat the above procedure for every managed server.
The access log will then show which pages or requests took the longest.
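
Once time-taken is being logged, the slow requests can be pulled out of access.log with a short script. The following is an added example, not part of the original post: it reads the column order from the log's #Fields header (falling back to the format string above), skips malformed lines, and ranks URIs by their worst time-taken. The sample log lines are constructed.

```python
from collections import defaultdict

# Field order from the console step above; used when the log has no #Fields header.
DEFAULT_FIELDS = "c-ip date time cs-method cs-uri sc-status bytes time-taken".split()

# Constructed sample lines (not from a real server); "-" marks a value that was not logged.
SAMPLE_LOG = (
    "#Version: 1.0\n"
    "#Fields: c-ip date time cs-method cs-uri sc-status bytes time-taken\n"
    "192.0.2.10\t2015-12-28\t12:14:01\tGET\t/app/home.jsp\t200\t5120\t0.042\n"
    "192.0.2.11\t2015-12-28\t12:14:03\tPOST\t/app/report?id=7\t200\t88211\t9.870\n"
    "192.0.2.10\t2015-12-28\t12:14:09\tGET\t/app/home.jsp\t200\t5120\t0.051\n"
    "192.0.2.12\t2015-12-28\t12:14:15\tGET\t/app/report?id=9\t500\t312\t31.200\n"
    "192.0.2.12\t2015-12-28\t12:14:20\tGET\t/favicon.ico\t404\t-\t-\n"
    "truncated line\n"
)

def parse_access_log(text):
    """Return one dict per well-formed request line, with time-taken as a float."""
    fields = list(DEFAULT_FIELDS)
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Extended log format directive; #Fields tells us the column order.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed line
        rec = dict(zip(fields, values))
        try:
            rec["time-taken"] = float(rec["time-taken"])
        except (KeyError, ValueError):
            continue  # field not configured, or "-" logged instead of a number
        if "cs-uri" in rec:
            records.append(rec)
    return records

def slowest_uris(records, top=3):
    """Group by URI path (query string dropped); return (uri, hits, max, mean) by max desc."""
    times = defaultdict(list)
    for rec in records:
        times[rec["cs-uri"].split("?", 1)[0]].append(rec["time-taken"])
    rows = [(uri, len(t), max(t), sum(t) / len(t)) for uri, t in times.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)[:top]
```
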
————————————————————-
—————————————————————–
2) Enabling verbose garbage collection logging

Add the following parameters to the server start arguments:
-Xverbose:memory,gc -XverboseTimeStamp

Check the system load with the sar -q command, find the time of highest load, and check the .out log at that time.

Enabling verbose log without restarting server

$ps aux | grep Prod_server01 | grep -v grep | awk '{print $2}'

$jrcmd PID verbosity set=gc,memory
——————————————————————————————————–
3) Taking Thread dumps

The thread dumps can be taken from the administration console, shell or using jrcmd command

a)using administration console

console — environment — servers– servername — monitoring — threads — Dump Thread Stacks

b) using jrcmd

$ps aux | grep Prod_server01 | grep -v grep | awk '{print $2}'
$jrcmd PID print_threads some_log_file

c) Using the kill command
$kill -3 PID

The thread dump is written to the default log file.
———————————————————————————————————-
4) Enabling JRockit Mission Control Flight Recorder

Add the following server start parameter

-XX:FlightRecorderOptions=defaultrecording=true,disk=true,repository=./jfr/Prod_server01,maxage=1440ms,size=100m

maxage and size value 0= unlimited
—————————————————————————————————————-
5) Analyzing Heap Dump

The heap dump can be performed using jrcmd command

$jrcmd PID hprofdump

Analyze heap dump using Eclipse memory analyzer (MAT)

————————————–

6) Generating the heap dump automatically on OOM (Out Of Memory) conditions

Add the argument below to the server startup arguments:

-XX:+HeapDumpOnOutOfMemoryError

The heap dump file is generated in the same way as one produced with the jrcmd command.

———————————————————————————————–

7) Recovering the WebLogic Admin Password

$ cd $DOMAIN_HOME/bin
$ . ./setDomainEnv.sh

Start WLST:

$ $WL_HOME/common/bin/wlst.sh

Run the following commands:

from weblogic.security.internal import BootProperties
BootProperties.load("/oracle/Middleware/user_project/domains/PROD_DOMAIN/servers/PROD_Adminserver/security/boot.properties",false)
prop = BootProperties.getBootProperties()
print "username: " + prop.getOneClient()
print "password: " + prop.getTwoClient()

The username and password will be displayed on the screen. The same method can be used to recover the datasource password.
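
Since the stored credentials can be read back by anyone with access to the domain's files, it is worth checking who can read them. The following is an added example, not part of the original post: it walks a domain directory and reports credential files that grant any access to group or other. SerializedSystemIni.dat (the domain's encryption key file) is not mentioned on this page and is included as an assumption about a standard domain layout.

```python
import os
import stat

# boot.properties holds the encrypted boot identity (from the page);
# SerializedSystemIni.dat is the domain key file (assumed, not named on the page).
SENSITIVE_NAMES = {"boot.properties", "SerializedSystemIni.dat"}

def audit_domain(domain_home):
    """Return sorted [(path, octal_mode)] for sensitive files with group/other permissions."""
    findings = []
    for root, _dirs, files in os.walk(domain_home):
        for name in files:
            if name not in SENSITIVE_NAMES:
                continue
            path = os.path.join(root, name)
            try:
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                continue  # broken symlink or file removed while walking
            # Any read, write or execute bit for group or other is a finding.
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((path, oct(mode)))
    return sorted(findings)

if __name__ == "__main__":
    # DOMAIN_HOME is the same variable used in the steps above.
    for path, mode in audit_domain(os.environ.get("DOMAIN_HOME", ".")):
        print("%s  mode=%s  (expected owner-only, e.g. 0o600)" % (path, mode))
```
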
——————————————————————————————————–

Admin Server Fails to start with JPS-01055 exception

<Dec 28, 2015 12:14:12 PM IST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreException: javax.persistence.PersistenceException: java.lang.ClassCastException: oracle.jdbc.xa.client.OracleXADataSource
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreException: javax.persistence.PersistenceException: java.lang.ClassCastException: oracle.jdbc.xa.client.OracleXADataSource
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsRuntimeException: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreException: javax.persistence.PersistenceException: java.lang.ClassCastException: oracle.jdbc.xa.client.OracleXADataSource
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:170)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:383)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsException: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreException: javax.persistence.PersistenceException: java.lang.ClassCastException: oracle.jdbc.xa.client.OracleXADataSource
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2984)
at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3228)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:167)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:383)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.service.credstore.CredStoreException: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreException: javax.persistence.PersistenceException: java.lang.ClassCastException: oracle.jdbc.xa.client.OracleXADataSource
at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.init(LdapCredentialStore.java:125)
at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.<init>(LdapCredentialStore.java:116)
at oracle.security.jps.internal.credstore.ldap.LdapCredentialStoreProvider.getInstance(LdapCredentialStoreProvider.java:135)
at oracle.security.jps.internal.credstore.rdbms.DbmsCredentialStoreProvider.getInstance(DbmsCredentialStoreProvider.java:68)
at oracle.security.jps.internal.credstore.rdbms.DbmsCredentialStoreProvider.getInstance(DbmsCredentialStoreProvider.java:46)
Truncated. see log file for complete stacktrace

 

Solution:-

A. Verify that the OPSS schema is accessible.

Use sqldeveloper, toad, or sqlplus to attempt the connection to the schema.
If it fails resolve the connection issue.

B. Specifically for the expired password

1. Reset the OPSS schema password
2. Set the password to not expire
3. Restart the domain AdminServer and the UCM managed server(s)

Weblogic AdminServer startup parameters

These parameters were found on Oracle Cloud.

-Xms2048m -Xmx2048m -XX:PermSize=256m -XX:MaxPermSize=512m -Xloggc:/u01/data/domains/CloudWeb_domain/GC_CloudWeb_adminserver.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=2 -XX:GCLogFileSize=5m -Doracle.security.jps.db.connect.max.retry=360 -Doracle.security.jps.db.connect.retry.interval=10000 -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2 -XX:+UnlockCommercialFeatures -XX:+FlightRecorder -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps