Keystore was tampered with, or password was incorrect

Problem

Getting this error starting up the SOA managed server:

####<Mar 8, 2017 10:37:47 PM GMT> <Error> <HTTP> <soahost1.raastech.com> <soa_server1> <[ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <0000Lek4HZl3b605zzT4iW1Ok8Tk000003> <1489012667644> <BEA-101216> <Servlet: "FabricProviderServlet" failed to preload on startup in Web application: "/soa-infra".
oracle.fabric.common.FabricException: Unable to create SSL Socket Factory: Keystore was tampered with, or password was incorrect
        at oracle.integration.platform.common.SSLSocketFactoryManagerImpl.getSSLSocketFactory(SSLSocketFactoryManagerImpl.java:74)
        at oracle.integration.platform.blocks.soap.AbstractWebServiceBindingComponent.setProviderConnectionConfig(AbstractWebServiceBindingComponent.java:1035)
        at oracle.integration.platform.blocks.soap.FabricProvider.init(FabricProvider.java:60)
        at oracle.j2ee.ws.server.provider.ProviderProcessor.initProvider(ProviderProcessor.java:253)
        at oracle.j2ee.ws.server.provider.ProviderProcessor.init(ProviderProcessor.java:179)
        at oracle.j2ee.ws.server.provider.ProviderServlet.initializeProcessor(ProviderServlet.java:634)
        at oracle.j2ee.ws.server.provider.ProviderServlet.init(ProviderServlet.java:313)
        at oracle.j2ee.ws.server.provider.ProviderServlet.init(ProviderServlet.java:242)
        at oracle.integration.platform.blocks.soap.FabricProviderServlet.init(FabricProviderServlet.java:123)
        at javax.servlet.GenericServlet.init(GenericServlet.java:241)
        at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
        at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)
        at weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:58)
Caused By: java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
        at java.security.KeyStore.load(KeyStore.java:1226)
        at oracle.j2ee.ws.saaj.util.SSLUtil.loadKeyStore(SSLUtil.java:72)
Caused By: java.security.UnrecoverableKeyException: Password verification failed
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
        at java.security.KeyStore.load(KeyStore.java:1226)
        at oracle.j2ee.ws.saaj.util.SSLUtil.loadKeyStore(SSLUtil.java:72)
        at oracle.j2ee.ws.saaj.util.SSLUtil.getKeyManagerFactory(SSLUtil.java:87)
        at oracle.j2ee.ws.saaj.util.SSLUtil.getKeyManagers(SSLUtil.java:96)

Solution

1. Log in to the EM Console: http://soahost1:7001/em

2. Expand WebLogic Domain

3. Right-click on soadomain

4. Navigate to Security > Credentials

5. Expand SOA

6. Edit the entry and modify the password to the keystore password

Applicable Versions

• Oracle SOA Suite 11g (11.1.1.9.0)

 

bsu.sh JDK6.0 No such file or directory

Problem

If you run the BSU command for WebLogic patching:

cd /u01/app/oracle/middleware/utils/bsu 

./bsu.sh

You get the following error:

./bsu.sh: line 7: /u01/app/oracle/middleware/JDK6.0/bin/java: No such file or directory

Solution

1. Edit this file:

vi /u01/app/oracle/middleware/utils/bsu/bsu.sh

2. Comment out the following line or set it to a valid JAVA_HOME:

JAVA_HOME="/u01/app/oracle/middleware/JDK6.0"

 

Applicable Versions

• Oracle WebLogic Server 11g (10.3.6)

 

soa-infra (11.1.1.9) in warning state due to CaseEventMDB not connected to messaging system

Problem

The "soa-infra" application is showing a warning state because of "CaseEventMDB".

This is the corresponding warning that shows up in soa_server1.out:

<Mar 10, 2017 1:07:40 PM GMT> <Warning> <EJB> <BEA-010061> <The Message-Driven EJB: CaseEventMDB is unable to connect to the JMS destination: jms/bpm/CaseEventQueue. The Error was: The destination for the MDB CaseEventMDB(Application: soa-infra, EJBComponent: oracle.bpm.casemgmt.ejb.jar) could not be resolved at this time. Please ensure the destination is available at the JNDI name jms/bpm/CaseEventQueue. The EJB container will periodically attempt to resolve this MDB destination and additional warnings may be issued.> 

I have not attempted to implement the instructions in Oracle Doc ID 1584300.1, but likely it will not work since that note is specific to the 11.1.1.6 to 11.1.1.7 upgrade.


Solution

1. The original installation was faulty. Nothing you can do at this point to fix it aside from a reinstall.

 

Applicable Versions

• Oracle SOA Suite 11g (11.1.1.9.0)

 

Change or Reset the ODS Password for OID

1. Set the environment:

export ORACLE_HOME=/u01/app/oracle/middleware/Oracle_OID 

export ORACLE_INSTANCE=/u01/app/oracle/middleware/asinst_1

export TNS_ADMIN=$ORACLE_INSTANCE/config

export PATH=$ORACLE_HOME/bin:$ORACLE_HOME/ldap/bin:$ORACLE_INSTANCE/bin:$PATH 

cd $ORACLE_INSTANCE/OID/admin

2. If creating a new wallet, then remove the current wallet:

mv oidpwdlldap1 oidpwdlldap1.orig.20170426

3. To CREATE a new wallet with a new ODS password (a new "oidpwdlldap1" file will be created):

$ORACLE_HOME/ldap/bin/oidpasswd connect=OIDDB create_wallet=true

4. To RESET the ODS password:

$ORACLE_HOME/ldap/bin/oidpasswd connect=OIDDB change_oiddb_pwd=true

 

References

• http://docs.oracle.com/cd/E28280_01/admin.1111/e10029/oid_susers.htm#OIDAG2247
• http://www.oraworld.co.uk/oid-ldap-commands-unable-to-locate-message-file-ldap-msb/
• https://oraidm.wordpress.com/2015/08/17/oidpasswd-failed-with-ora-00942-table-or-view-does-not-exist/

Applicable Versions

• Oracle Internet Directory (OID) 11g

 

Raastech @ GLOC

Going to GLOC in Cleveland this May 17-18? If so, then check out some of the presentations some of our top consultants be giving at the conference!

Title	Provisioning Your First DBaaS Instance with Oracle Database Cloud Service
Description	Moving to the cloud is inevitable, yet many haven’t started getting their hands dirty yet. This presentation will walk you through key Oracle Cloud concepts for those who have never seen or used it before, and walk through provisioning a cloud database, which includes storage and infrastructure. We explain how to access it, and discuss various administration concepts. This presentation is perfect for the Oracle DBA who wants to understand how to get started administering an Oracle DBaaS environment, from a technical perspective.
Date	Thu, May 18, 2017
Time	4:00pm - 5:00pm
Presenter	Ahmed Aboulnaga
Title	Getting Started with Oracle BPM Suite Development
Description	Let’s face it. There’s a shortage of Oracle BPM development skills out there. And developing SOA-based integrations is not quite the same as modeling business processes. This presentation is self-explanatory and is geared towards Oracle SOA Suite developers who want to understand key concepts surrounding BPM and how to get started developing your first business process.
Date	Thu, May 18, 2017
Time	8:30am - 9:30am
Presenter	Harold Dost III
Title	Domain Partitions and Multitenancy in Oracle WebLogic Server 12c - Why It's Useful
Description	Do we really need virtualization within Oracle WebLogic Server? Last year, I said no. This year, my opinion has changed. I explain domain partitions, how to set it up, and when you'd want have multiple partitions in a single WebLogic domain. I also discuss the App2Cloud utility from Oracle which simplifies the migration of your on-premise WebLogic domain to the Oracle Java Cloud Service (JCS). Attend this presentation and find out what changed my mind.
Date	Thu, May 18, 2017
Time	2:45pm - 3:45pm
Presenter	Ahmed Aboulnaga

See you there!

Recap of Oracle Compute Cloud vs. AWS EC2 at NATCAP-OUG

Last night's NATCAP-OUG meetup was attended by around 20 people, and there was a good lively discussion surrounding the Oracle Compute Cloud vs. Amazon Web Services EC2 presentation.

After a brief overview of IaaS and differences between virtualization and cloud computing, Ahmed Aboulnaga dug right in to his live demo of provisioning an Oracle Compute Cloud instance, setting up public/private keys, and installing the General Purpose Desktop to connect through VNC.

A lot of great discussion took place between the presenter, organizers, and the attendees during the presentation. Some mentioned their issues with the UI and support, while others were happy with overall cost and performance. It's this back-and-forth and sharing of experiences that made the event valuable to all.

Many thanks to NATCAP-OUG for organizing this meetup.

[Quick Tip] AWS SDK: Get Account Number

I ran into an issue the other day, where I was looking to determine which account I was in on AWS. Since we are primarily trying to work with Javascript on the project. I decided to do this one in Javascript as well.

Code:

var iam = new AWS.IAM();

iam.getUser(null,function(err,data){
    output = data['User'].Arn.match(/arn\:aws\:iam\:\:(\d{12})\:user\/.*/i);
    console.log(output[1]);
});

Obviously you can just log it out, but you can also use it for more practical purposes, such as verifying which account you're in before doing something important. In my case I using for some automated scripts so that they determine what they are going to do based on which account they are using at the time. Preventing certain actions.



References:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/match
http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/IAM.html#getUser-property

"Certificates does not conform to algorithm constraints" when starting up Oracle Access Manager 11g

Problem:

While starting up the Oracle Access Manager 11gr2ps3 (OAM 11.1.2.3.0) AdminServer, you may receive continuously repeating errors of the following:

<Feb 8, 2017 3:26:57 AM GMT> <Warning> <Coherence> <BEA-000000> <2017-02-08 03:26:57.537/135.970 Oracle Coherence GE 3.7.1.13 <Warning> (thread=PacketListener1, member=n/a): TcpDatagramSocket{bind=ServerSocket[addr=/192.168.0.10,localport=9001]}, exception regarding peer iamhost1/192.168.0.10:9001, General SSLEngine problem; Certificates does not conform to algorithm constraints>

Solution:

In this case, we had upgraded our JDK version from jdk1.7.0_91 to jdk1.7.0_121, which introduced this error.

1. Restore the previously working JDK version, or consider looking at changing your JDK version.

Applicable Version:

• Oracle Access Manager (OAM) 11g (11.1.2.3.0)

Raastech @ NATCAP-OUG

Are you in the Washington DC area? This Tuesday, March 5, Raastech will be giving a presentation comparing the IaaS offerings from Oracle and Amazon, including a live demo!

Check out the NATCAP-OUG website for more details on the event.

Title	Oracle Compute Cloud vs. Amazon Web Services EC2 – A Hands-On Showdown
Description	We walk through the end-to-end process of provisioning an Oracle Compute Cloud instance from scratch – adding storage, defining firewall rules, creating a private key, and connecting through VNC. Then we do the same thing with Amazon Web Services (AWS) EC2. Speed of provisioning is one of the benefits of the cloud, so let’s embark on this live walkthrough together, see how easy it is to get up and running, and compare the IaaS offering from Oracle and Amazon.
Date	Tue, Mar 7, 2017
Time	8:00pm - 9:00pm
Presenter	Ahmed Aboulnaga

See you there!