Raastech Blog: July 2017

Saturday, July 29, 2017

WebGate 10g for Windows 2012 R2: "Could not read file" netlibmsg.xml

Problem

In this log file C:\NetPoint\Webgate\access\oblix\logs\oblog.log, you see the following:

2017/05/16@22:31:48.570000 1876 1521 INIT ERROR 0x000003B6 base\oblistrwutil.cpp:192 "Could not read file" filename^E:\NetPoint\Webgate\access//oblix/lang/en-us/netlibmsg.xml

Solution

1. No action needed. There is no adverse impact on WebGate functionality.

Applicable Versions

Oracle WebGate 10g (Windows 32-bit)

Friday, July 21, 2017

BAM-00404 Authentication failed

Problem

Getting the following error in the BAM logs:

[2017-04-12T21:27:03.699+00:00] [bam_server1] [WARNING] [] [oracle.bam.adc.security] [tid: [ACTIVE].ExecuteThread: '87' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: 5e3db6b798b0c5d6:-6f4d0d44:15b6408a2e3:-8000-00000000000019b7,0] [APP: oracle-bam#11.1.1] [100] Exception occurred in method Authenticator.setUserContext([[
BamSubject:
    BAM USER ID:      0
    User:
        Name:        weblogic
        Class:       weblogic.security.principal.WLSUserImpl
    Anonymous User:   null
    Application Role:
        Name:        Administrator
        Class:       oracle.security.jps.service.policystore.ApplicationRole
        GUID:        9630B38048C811E3BFF9A38AAABA83CB
        Application: oracle-bam#11.1.1
   Application Role:
        Name:        authenticated-role
        Class:       oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl
        GUID:        null
        Application: null
    Group:
        Name:        Operators
        Class:       weblogic.security.principal.WLSGroupImpl
    Group:
        Name:        Administrators
        Class:       weblogic.security.principal.WLSGroupImpl
    Group:
        Name:        OracleSystemGroup
        Class:       weblogic.security.principal.WLSGroupImpl
    Group:
        Name:        CrossDomainConnectors
        Class:       weblogic.security.principal.WLSGroupImpl
    Group:
        Name:        AdminChannelUsers
        Class:       weblogic.security.principal.WLSGroupImpl
    Group:
        Name:        AppTesters
        Class:       weblogic.security.principal.WLSGroupImpl
    Group:
        Name:        Monitors
        Class:       weblogic.security.principal.WLSGroupImpl
    Group:
        Name:        Deployers
        Class:       weblogic.security.principal.WLSGroupImpl)
Exception: oracle.bam.common.security.authentication.AuthenticationException: . User is marked inactive.
at oracle.bam.adc.security.authentication.Authenticator.synchronizeUser(Authenticator.java:1194)
at oracle.bam.adc.security.authentication.Authenticator.setUserContext(Authenticator.java:804)
at oracle.bam.adc.kernel.server.DataStoreServer.setUserContext(DataStoreServer.java:475)
at oracle.bam.adc.ejb.BamAdcServerBean.interceptor(BamAdcServerBean.java:261)
at sun.reflect.GeneratedMethodAccessor995.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.oracle.pitchfork.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:68)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.oracle.pitchfork.intercept.MethodInvocationInvocationContext.proceed(MethodInvocationInvocationContext.java:103)
at oracle.security.jps.ee.ejb.JpsAbsInterceptor$1.run(JpsAbsInterceptor.java:135)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:464)
at oracle.security.jps.ee.ejb.JpsAbsInterceptor.runJaasMode(JpsAbsInterceptor.java:122)
at oracle.security.jps.ee.ejb.JpsAbsInterceptor.intercept(JpsAbsInterceptor.java:193)
at oracle.security.jps.ee.ejb.JpsInterceptor.intercept(JpsInterceptor.java:113)
at sun.reflect.GeneratedMethodAccessor992.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.oracle.pitchfork.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:68)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy249.ping(Unknown Source)
at oracle.bam.adc.ejb.BamAdcServerBean_wf34ei_BamAdcServerRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.bam.adc.ejb.BamAdcServerBean_wf34ei_BamAdcServerRemoteImpl.ping(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:89)
at com.sun.proxy.$Proxy150.ping(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at oracle.bam.common.remoting.BamEjbClient.invoke(BamEjbClient.java:1546)
at com.sun.proxy.$Proxy248.ping(Unknown Source)
at oracle.bam.adc.api.client.BamAdcClient.ping(BamAdcClient.java:269)
at oracle.bam.common.remoting.BamEjbClient.isADCServerAvailableForWebAppInit(BamEjbClient.java:1830)
at oracle.bam.web.shared.WebPage.processRequest(WebPage.java:384)
at oracle.bam.web.shared.WebPage.processRequest(WebPage.java:350)
at jsp_servlet._19427.__startpage._jspService(__startpage.java:71)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.bam.web.cache.ClientSideCache.doFilter(ClientSideCache.java:93)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.bam.web.filters.GZIPFilter.doFilter(GZIPFilter.java:97)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.bam.web.filters.ValidateBrowserSession.doFilter(ValidateBrowserSession.java:211)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.bam.web.redirect.Redirect.doFilter(Redirect.java:80)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.bam.web.filters.ValidateBrowserSupport.doFilter(ValidateBrowserSupport.java:138)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.bam.web.filters.CharsetFixupFilter.doFilter(CharsetFixupFilter.java:65)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:138)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:464)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:121)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:211)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:138)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:464)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:121)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:211)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3748)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3714)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2283)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2182)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1499)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
]]

Solution

1. Log in to the database as DEV_ORABAM.

2. Run the following query:

UPDATE dev_orabam.sysiteruser SET inactive = 0 WHERE username = 'weblogic';

COMMIT;

Applicable Versions

Oracle Business Activity Monitoring (BAM) 11g (11.1.1.9.0)

Getting "NZ Library Error: Unknown error" when starting up OHS

Problem

You may have received the following obscure error when trying to start up OHS. This error would repeat indefinitely in the ohs1.log file:

[2017-04-16T14:19:35.0074+00:00] [OHS] [ERROR:32] [] [core.c] [host_id: soahost1.raastech.com] [host_addr: 192.168.1.13] [pid: 10627] [tid: 139289152765702] [user: oracle] [VirtualHost: SOAHOST1:8898] NZ Library Error: Unknown error

Solution

1. Edit httpd.conf.

2. Add the following line at the bottom of the file. It must be the loopback address, and any available port:

Listen 127.0.0.1:9999

3. Restart OHS.

References

Applicable Versions

Oracle WebTier 11g (11.1.1.9.0)

Tuesday, July 18, 2017

Keytool usage and examples

List

keytool -list -keystore cacerts

keytool -list -v -keystore cacerts

keytool -list -v -keystore raastech.jks -storepass changeit

Change Keystore Password

keytool -storepasswd -new changeit -keystore raastech.jks -storepass changeit

Import

keytool -import -trustcacerts -file CA.cer -alias ca -keystore cacerts

keytool -import -v -noprompt -trustcacerts -alias ca -file CA.cer -keystore trust.jks -storepass changeit

Import Keystore

keytool -importkeystore -srckeystore raastech.p12 -srcstoretype PKCS12 -destkeystore raastech.jks

Delete Alias from Keystore

keytool -delete -alias ca -keystore cacerts -storepass changeit

Sunday, July 16, 2017

Error while starting cluster: (Wrapped) java.io.IOException: Keystore was tampered with, or password was incorrect

Problem

Seeing the following in the log during startup of oam_server1:

[oam_server1] [ERROR] [] [Coherence] [tid: Logger@1725259747 3.7.1.1] [userId: ] [ecid: 0000Kcfv^DM7ECK6yVuXMG1KXY0q000002,0] [APP: oam_server#11.1.2.0.0] 2015-10-12 03:08:58.358/302741.698 Oracle Coherence GE 3.7.1.1 (thread=Configuration Store Observer, member=n/a): Error while starting cluster: (Wrapped) java.io.IOException: Keystore was tampered with, or password was incorrect.

Solution

The .cohstore.jks keystore file is corrupt and must be restored from backup.

If the password in the .cohstore.jks keystore file is corrupt, even though you may be able to get the password using a WLST command, it needs to be restored from backup.

1. Start the AdminServer.

2. Connect to Enterprise Manager (/em).

3. Locate the Domain in the left navigation panel.

4. Right click and select Security > Credentials.

5. Delete the credential Map key pair (OAM_STORE, coh).

6. Restart the AdminServer. This will re-create the Coherence Bootstrap artifact and reset the required password.

References

http://www.idmfun.com/2015/10/oam-11g-r2-ps2-111220-keystore-tampered.html

Applicable Versions

Oracle Access Manager 11g R2 PS2 (11.1.2.2.0)

Thursday, July 13, 2017

[Quick Tip] Jenkins: Skip the Wizard

If you are trying to setup Jenkins in an automated way you may setup the config files, but still get the setup screen despite not needing it.

You can simply add jenkins.install.runSetupWizard=false to the start up script and you're home free.

https://issues.jenkins-ci.org/browse/JENKINS-34035

Enabling "Execution Tracing" and "Message Tracing" in OSB does not work

Problem

I enabled Execution Tracing and Message Tracing on an OSB proxy service, but nothing is appearing in the logs.

Solution

1. Navigate to Servers > osb_server1 > Logging.

2. Click on Advanced.

3. Set Minimum severity to Log to "DEBUG".

4. Set Log file : Severity Level to "DEBUG".

5. Save and Activate changes.

Applicable Versions

Oracle Service Bus (OSB) 11g (11.1.1.9.0)

Tuesday, July 4, 2017

OID/LDAP command usage and examples

Set Environment

export ORACLE_INSTANCE=/u01/app/oracle/middleware/asinst_1

export ORACLE_HOME=/u01/app/oracle/middleware/Oracle_OID

Bind Admin

$ORACLE_HOME/bin/ldapbind -h oidhost -p 3060 -D cn=orcladmin -w welcome1

$ORACLE_HOME/bin/ldapbind -h oidhost -p 3060 -D "cn=orcladmin,cn=users,dc=raastech" -w welcome1

Bind User

$ORACLE_HOME/bin/ldapbind -h oidhost -p 3060 -D "cn=ahmed,cn=users,dc=raastech" -w welcome1

Bind on SSL Port

$ORACLE_HOME/bin/ldapbind -h oidhost -p 3131 -U 1 -D cn=orcladmin -w welcome1

Search

$ORACLE_HOME/bin/ldapsearch -h oidhost -p 3131 -U 1 -D cn=orcladmin -s sub "(objectclass=*)" -w welcome1

Add User

Create file: oid_add_user.ldif

dn: cn=ahmed,cn=users,dc=raastech
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: ahmed
givenName: ahmed
sn: ahmed
cn: ahmed
mail: ahmed@ahmed.ahmed
userPassword: welcome1

$ORACLE_HOME/bin/ldapmodify -h oidhost -p 3060 -D cn=orcladmin -w welcome1 -f oid_add_user.ldif

Change Password

Create file: oid_update_password.ldif

dn: cn=ahmed,cn=users,dc=raastech
changetype: modify
replace: userPassword
userPassword: welcome1

$ORACLE_HOME/bin/ldapmodify -h oidhost -p 3060 -D cn=orcladmin -w welcome1 -f oid_update_password.ldif

Delete User

Create file: oid_delete_user.ldif

dn: cn=ahmed,cn=users,dc=raastech
changetype: delete

$ORACLE_HOME/bin/ldapmodify -h oidhost -p 3060 -D cn=orcladmin -w welcome1 -f oid_delete_user.ldif

Applicable Versions

Oracle Internet Directory (OID) 11g

WebLogic Routing Configuration in mod_wl_ohs.conf for OBIEE 11g

1. Edit this file:

/u01/app/oracle/middleware/Oracle_WT1/instances/obiee/config/OHS/ohs1/mod_wl_ohs.conf

2. Add these entries (modify hostnames accordingly):

<Location /analytics>
SetHandler weblogic-handler
WebLogicCluster obieehost1:9701,obieehost2:9701
WLProxySSL ON
WLProxySSLPassThrough ON
</Location>

<Location /xmlpserver>
SetHandler weblogic-handler
WebLogicCluster obieehost1:9701,obieehost2:9701
WLProxySSL ON
WLProxySSLPassThrough ON
</Location>

Applicable Versions

Oracle HTTP Server (OHS) 11g (11.1.1.9.0)
OBIEE 11g (11.1.1.9.0)

Monday, July 3, 2017

Convert a .p12 file to .pem

PEM files are fully encrypted.

Openssl can turn a P12 file in a PEM file with both public and private keys using this command:

openssl pkcs12 -in certinput.p12 -out certoutput.pem -nodes

References

https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file