Skip Headers
Oracle® Application Server Release Notes
10g (9.0.4) for Solaris Operating System (SPARC)
Part No. B10629-15
  Go To Documentation Library
Home
Go To Table Of Contents
Contents

Previous
Previous
Next
Next
 

4 General Management and Security Issues

This chapter describes management and security issues associated with Oracle Application Server. It includes the following topics:

4.1 Supported Network Features

Table 4-1 shows the networking features that are supported for the Solaris Operating System:

Table 4-1 Supported Networking Procedures

Feature Supported?

Installing Oracle Application Server on a host using DHCP.

NoFoot 1 

Installing Oracle Application Server on a host off of the network.

NoFootref 1

Changing the hostname of a host containing an Oracle Application Server middle-tier instance.

Yes

Refer to the Oracle Application Server 10g Administrator's Guide.

Changing the IP address of a host containing an Oracle Application Server middle-tier instance.

Yes

Refer to the Oracle Application Server 10g Administrator's Guide.

Changing the hostname of a host containing an Oracle Application Server Infrastructure.

No

Changing the IP address of a host containing an Oracle Application Server Infrastructure.

Yes

Refer to the Oracle Application Server 10g Administrator's Guide.


Footnote 1 This functionality is supported on Linux and Microsoft Windows operating systems.

4.2 OPMN Issues

This section describes OPMN issues. It includes the following topic:

4.2.1 Error Message When Executing opmnctl Commands

When you execute either an opmnctl stopall or opmnctl startall command, the oidctl log file contains the following error message:

*** Instance Number already in use. *** 
*** Please try a different Instance number. ***

This error message is benign and can be ignored.

This error message typically appears for OracleAS Infrastructure 10g installations with Oracle Internet Directory.

4.2.2 Problem with Application Server Control Ports Page

When you go to the Application Server Control ports page, the Oracle HTTP Server Diagnostic Port is displayed for Oracle HTTP Server Listener. After you restart OPMN, the diagnostic port will no longer be displayed.

4.2.3 Documentation Errata

The following are documentation errata in the Oracle Process Manager and Notification Server Administrator's Guide:

  • In Chapter 4, "opmn.xml Common Configuration" of the Oracle Process Manager and Notification Server Administrator's Guide, the attribute of <local> is indicated for the description for <ipaddr>. The <local> attribute is not available for <ipaddr>.

  • On page 4-7, the last sentence:

    "The process-manager contains the configuration definitions for the PM portion of OPMN.The"

    should be:

    "The process-manager contains the configuration definitions for the PM portion of OPMN."

  • On page 9-1, the sentence:

    "This chapter describes Oracle Application Server (OracleAS Port Tunnel) configuration ... "

    should be:

    "This chapter describes Oracle Application Server Port Tunnel (OracleAS Port Tunnel) configuration ..."

  • On Page.11-1:

    The sentence:

    "This chapter describes Oracle Application Server OracleAS ProcessConnect configuration ... "should be:"This chapter describes Oracle Application Server ProcessConnect (OracleAS ProcessConnect) configuration ... "

  • On Page.Index-2:

    integration-manager|, 11-7

    should be:

    integration-manager, 11-7

  • On Page.Index-2:

    The index listing:

    log page, 17-3 should be:log page, 17-3

  • On Page.Index-4:

    The index listing:

    process-set id, 11-8 should be:

    im_instance id, 11-8

  • On Page.Index-5:

    The index listings:

    ui, 2-17 uid, 2-16 should be:

    uid, 2-16,2-17

4.3 DCM Issues

This section describes DCM issues. It includes the following topic:

4.3.1 Tune the DCM Auto-archiving Feature to Improve System Performance

When you install Oracle Application Server, the DCM auto-archiving feature is configured to maintain fifteen backup archives. You can improve system performance by reducing the number of archives, or turning off auto-archiving.

To reduce the number of archives, for example, to 5:

ORACLE_HOME/dcm/bin/dcmctl set -arch 5

To turn off auto-archiving:

ORACLE_HOME/dcm/bin/dcmctl set -arch 0

Refer to Distributed Configuration Management Reference Guide for more information about DCM auto-archiving.


Note:

Limiting or disabling DCM auto-archiving may affect your ability to recover from system failures.

4.3.2 Error Message Output for dcmctl Commands

By default, dcmctl commands run in troubleshooting mode. Detailed stack traces and trace messages are output for every dcmctl command that results in an error or warning.

If you do not want these error messages recorded, run your dcmctl command within the dcmctl shell with the set -d off option. More information about the dcmctl set command is available in the Distributed Configuration Management Reference Guide.

4.3.3 File Based Repository Does Not Work Outside Firewall

If you have a Farm using a File-Based Repository (FBR) you cannot include an Oracle Application Server instance outside the firewall in the Farm.

If you want to create an Oracle Application Server cluster across the firewall, you can use either a Database-Based Repository (DBR) or configure a non-managed cluster.

4.4 Other Management Issues

This section describes other management issues. It includes the following topics:

4.4.1 Error Messages for Multi-Installations

If you have more than one Oracle Application Server installation running on your system you may see the following errors when you perform a stopall from the Oracle Enterprise Manager home page:

OC4J:OC4J_Portal- time out while waiting for a managed process to stop 
OC4J:OC4J_BI_Forms- time out while waiting for a managed process to stop 

These error messages are benign. The Oracle Application Server components are actually stopping.

4.4.2 Online Help for Oracle Wallet Manager is Not Available

The online help for Oracle Wallet Manager is not available. If you try to use the online help, an error code will be displayed.

Refer to Oracle Application Server 10g Security Guide for Oracle Wallet Manager information.

4.4.3 Open Wallet Failed Message on STDOUT

When registering OracleAS Metadata Repository with Oracle Internet Directory the DBCA output will feature a message "OPEN WALLET FAILED". This error message can be seen from in the DBCA output to Oracle Universal Installer screen or in the ORACLE_HOME/oraInventory/logs/installActions<time.stamp>.log file.

This message is benign and has no affect on the registration process.

4.4.4 Alter Database Open Resetlogs Fails With ORA-01194

The Backup and Recovery section in the Oracle Application Server 10g Administrator's Guide contains instructions for using the OracleAS Backup and Recovery Tool to perform point-in-time recovery when restoring the OracleAS Metadata Repository to a new host. The instructions advise you to use "alter database open resetlogs" if you get an error while performing the recovery.

In rare cases, the "alter database open resetlogs" command may fail with error ORA-01194. If this happens, check the restore log generated by the OracleAS Backup and Recovery Tool. You should find that one or more data files were not restored. If this is the case, rerun the OracleAS Backup and Recovery Tool using the same options as the first time you ran it. Then use the "alter database open resetlogs" and it should work without error.

4.4.5 Ignore Warnings in warn.log File When Running chgiphost.sh Script

When running the chgiphost.sh script following installation of any Oracle Application Server install type, warning messages are generated in the warn.log file. The warning messages are benign and can be ignored.

4.4.6 chgiphost.sh Script Returns Benign Error Messages in Standalone J2EE and Web Cache Installation

When you run the chgiphost.sh script on a J2EE and Web Cache installation that does not use OracleAS Infrastructure 10g services, the following types of error messages may be logged in the actions.log and error.log files:

  • actions.log file:

    main::ias_instance_oid::372**    Error while executing
    main::update_modosso::372**    Error while executing
    
    
  • error.log file:

    Exception: Unable to establish connection to the Oracle Internet Directory
    Server ldap://:/. Base Exception : javax.naming.CommunicationException:
    localhost:389 [Root exception is java.net.ConnectException: Connection refused]
    
    oracle.ias.repository.schema.SchemaException: Unable to establish connection to
    the Oracle Internet Directory Server ldap://:/. Base Exception : 
    javax.naming.CommunicationException: localhost:389 [Root exception is 
    java.net.ConnectException: Connection refused]
    main::ias_instance_oid::371**    Error while executing ....
    main::update_modosso::371**    Error while executing ....
    
    

These error messages are benign and can be ignored.

4.4.7 Error Message Using OracleAS Backup and Recovery Tool

If you perform a backup of the OracleAS Metadata Repository using the OracleAS Backup and Recovery Tool, RMAN returns error message RMAN-06089, which indicates that an archived log is out of sync with the catalog. This occurs if any of the archived logs are lost.

Before you retry the OracleAS Backup and Recovery Tool, execute the following command in RMAN:

change archivelog all validate;

Then rerun the OracleAS Backup and Recovery Tool to perform the OracleAS Metadata Repository backup.

4.4.8 Set ORACLE_HOME for Database Listener

You must to set the ORACLE_HOME environment variable before start-up or shutdown of the OracleAS Infrastructure 10g database listener. If you do not, a core dump occurs.

4.4.9 Identity Management, High Availability Configuration

Documentation regarding the concepts and implementation of a rack-mounted/multi-computer, Identity Management High Availability configuration is available in the Oracle Internet Directory Administrator's Guide and the Oracle Application Server Single Sign-On Administrator's Guide.

Consolidated and single source of installation and configuration of rack-mounted Identity Management is available in the white paper titled "Highly Available Identity Management Deployment Example - Rack-Mounted Identity Management" available at:

http://otn.oracle.com/products/ias/hi_av/904_rack_mounted_im.pdf

The white paper contains the updated and detailed information on the necessary steps to implement a rack-mounted/multi-computer configuration.

In future releases the rack-mounted/multi-computer configuration will be supported and available as an installation option.

4.4.10 Remove Instances from a File-based Cluster and Farm before Changing the Hostname

Before changing the hostname or IP address of a middle-tier instance that is part of a file-based cluster, you must remove the instance from the cluster and the farm using the following commands:

dcmctl leaveCluster
dcmctl leaveFarm

After changing the hostname or IP address, add the instance back to the cluster and farm.

To add the instance back to the cluster use the following command:

dcmctl joinCluster -cl <clustername>

To add the instance back to the farm:

  • Run the following command in an instance that is already in the farm:

    dcmctl getRepositoryID
    
    
  • Run the following command in the instance you would like add back to the farm:

    dcmctl joinFarm -r <repositoryID>
    
    

4.5 Documentation Errata

This section describes known errors in management and security documentation. It contains the following topic:

4.5.1 Changing OPMN Ports (ONS Local, Request, and Remote)

The procedure for changing the ONS local, request, and remote ports in Oracle Application Server 10g Administrator's Guide is incorrect as follows:

  • It states that you can use Application Server Control to change the ONS local, request, and remote port numbers. This is not correct—do not use Application Server Control to change these ports.

  • The procedure for changing the ports manually is incorrect. Use the following procedure:

    1. Shut down all processes:

      emctl stop iasconsole
      emctl stop agent
      opmnctl stopall
      
      
    2. Under the <notification-server> element, modify the local, remote, and request parameters, as desired, in the <port> element. For example:

      <port local="6101" remote="6201" request="6004"/>
      
      
    3. Save and close the file.

    4. Reload OPMN:

      opmnctl reload
      
      
    5. Start OPMN:

      opmnctl start
      
      
    6. If this is an Infrastructure with Oracle Internet Directory, start Oracle Internet Directory:

      opmnctl startproc ias-component=OID
      
      
    7. Start the rest of your processes:

      opmnctl startall
      
      
    8. Update DCM:

      dcmctl updateConfig -ct opmn
      

4.5.2 Querying the Runtime JServ Port

The procedure for querying the runtime JServ port in Oracle Application Server 10g Administrator's Guide is incorrect.

You can query the runtime JServ port numbers as follows:

  • If you use mod_oprocmgr to manage JServ, make sure the oprocmgr-status handler is activated in ORACLE_HOME/Apache/Apache/conf/httpd.conf with the following directive:

    <ifModule mod_oprocmgr.c>
      <Location /oprocmgr-service>
        SetHandler oprocmgr-service
      </Location>
    </ifModule>
    
    

    Enter the following URL in your browser, and you will see the status of all processes currently managed by your process manager, including JServ:

    http://hostname:http_port/oprocmgr-status
    
    
  • If you are not using mod_oprocmgr, but instead use a traditional JServ configuration, you can query the runtime ports with the following URL:

    http://hostname:http_port/jserv
    
    

    Note that the "jserv" portion of the preceding URL is protected to only be viewed from localhost. This is configured in ORACLE_HOME/Apache/Jserv/etc/jserv.conf. You can expand permissions to view from other hosts, or provide the following URL from the same host:

    http://localhost:port/jserv
    

4.5.3 Restart Infrastructure Processes After Restoring a Metadata Repository

The procedures in Oracle Application Server 10g Administrator's Guide for restoring a Metadata Repository are incomplete. You should restart all Infrastructure processes after restoring a Metadata Repository.

4.5.4 Guidance for Password for OracleAS Portal Users

In Section 7.2.3 "Configuring Portal after Installation" of the Oracle Application Server 10g Administrator's Guide the guidance on the password for the OracleAS Portal user is incorrect. It states the following:

"You can log in to Portal as portal. Use the ias_admin password you supplied during middle-tier installation. If you have changed the ias_admin password, @ you must still supply the original ias_admin password."

Instead, it should state:

"You can log in to OracleAS Portal as portal. If this is the first instance of OracleAS Portal to use OracleAS Infrastructure 10g, then the OracleAS Portal user password would be portal10g. However, if you already have OracleAS Portal instances associated with the Infrastructure then the OracleAS Portal user password is the ias_admin password of the first OracleAS Portal instance associated to this OracleAS Metadata Repository."

4.5.5 Missing Step in Configuring DAS After Installation

In Section 7.2.9 "Configuring Delegated Administration Service (DAS) After Installation" of the Oracle Application Server 10g Administrator's Guide, there is a step missing. Before you configure DAS, you must first configure mod_osso. The steps to configure mod_osso are located in Section 12.7.1, "Configuring mod_osso (Required for Oracle Delegated Administration Services)" of the Oracle Application Server 10g Installation Guide.

4.5.6 Misspelling in Stop the Metadata Repository Listener Step

In section 5.6.1 "Changing the Metadata Repository Net Listener Port" of the Oracle Application Server 10g Administrator's Guide, Step 2: Stop the Metadata Repository Listener, the following command:

lscnrctl stop

should be

lsnrctl stop

4.5.7 Incorrect Commands in Changing Infrastructure Services Section

In Chapter 8, "Changing Infrastructure Services" of the Oracle Application Server 10g Administrator's Guide, Section 8.6.4, "Procedure" contains the following documentation errata:

  • Task 2, Step 6, the command line:

    ORACLE_HOME/bin/rman target cmdfile=BACKUP_DIR/cold_backup.rcv > BACKUP_DIR/log_files/backup.log
    
    

    should be:

    ORACLE_HOME/bin/rman target / cmdfile=BACKUP_DIR/cold_backup.rcv >BACKUP_DIR/log_files/backup.log 
    
    
  • Task 3, Step 5, the command line:

    prompt> ORACLE_HOME/bin/rman cmdfile=BACKUP_DIR/restore.rcv > BACKUP_DIR/log_files/restore.log
    
    

    should be:

    prompt> ORACLE_HOME/bin/rman / cmdfile=BACKUP_DIR/restore.rcv >BACKUP_DIR/log_files/restore.log 
    
    
  • Task 5, Step 6, the following instructions must also be included at the end of the step:

    Update all other instances of the old db_name (except for the instance_name) to the new db_name. Specifically, you may have to update directory paths which contain the old db_name.

4.5.8 Incorrect LDAP-based Replica Step

In the Oracle Application Server 10g Administrator's Guide, Section F.2, "Installing and Setting up an LDAP-based Replica" Task 6, Step 19, Validation Step, Verify that DIP was configured successfully. Step 19 instructs you to navigate to the Directory Integration Page on the Application Server Control Console.Instead, it should say to navigate to the Oracle Internet Directory Home Page and click Directory Integration.