Microsoft Active Directory Integration issue with OBIEE12c on Secure Port (Port# 636) - Page 2 — Oracle Analytics

Oracle Analytics Cloud and Server

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

Microsoft Active Directory Integration issue with OBIEE12c on Secure Port (Port# 636)

Received Response
233
Views
23
Comments
2

Answers

  • Michael Verzijl
    Michael Verzijl Rank 6 - Analytics Lead

    Did you apple the custom identity to both servers? So adminserver and biserver.

    Please check the logging of AD why the users are not visible.

  • 3614436
    3614436 Rank 3 - Community Apprentice

    Yes, applied on both Admin & Managed server.

    Here AD people are not very clear about the integration between AD and OBIEE. Hectic time.

    Could you please provide the steps if you have documented.

  • Michael Verzijl
    Michael Verzijl Rank 6 - Analytics Lead

    I don't have a shareable document for you with all steps.

    I would say:

    1) start with enabling the adminserver for the AD config

    2) Make sure that this is not setup as required

    3) Restart admin and check why users are not imported and share logfile of what is running now

    Once above is done, continue with the biserver

  • 3614436
    3614436 Rank 3 - Community Apprentice

    Thanks much for support.

    I will do a try today and send you the log files.

  • GermanA-Oracle
    GermanA-Oracle Rank 3 - Community Apprentice

    A few questions:

    1. Are your certificates signed by a known CA?
    2. Did you import the whole chain into the keystore?
    3. Did you also import it into the adapters.jks (libovd) keystore?
    4. Have you opened a SR for this?  If so, what's the number?
  • 3614436
    3614436 Rank 3 - Community Apprentice

    Dear GermanA,

    Thanks much for the update. Please find the details below

    1. Are your certificates signed by a known CA? --> How to check that?
    2. Did you import the whole chain into the keystore? --> We have created the Keystore based on the certificate provided by organization.
    3. Did you also import it into the adapters.jks (libovd) keystore? --> No, I have no idea.
    4. Have you opened a SR for this?  If so, what's the number? --> Sev1 (SR 3-16809344191 : Need to configure MS AD on port 636 as an authenticator in Weblogic Console)

    Following are the error message from domain log under Admin Server Logs.

    [Security:090294]could not get connection

    unable to find valid certification path to requested target

    ####<Feb 8, 2018, 1:13:19,390 AM EST> <Warning> <Security> <elydrscdev.my.org> <AdminServer> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000002> <1518070399390> <[severity-value: 16] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-099117> <The LDAP authentication provider named "MSADHRDSB" failed to make a connection to LDAO server at ldaps://myorg:636, the error cause is: General SSLEngine problem.>

    ####<Feb 8, 2018, 1:14:41,803 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000004c> <1518070481803> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server bi_server1 : General SSLEngine problem>

    ####<Feb 8, 2018, 1:14:42,79 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000004f> <1518070482079> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obiccs1 : General SSLEngine problem>

    ####<Feb 8, 2018, 1:14:43,249 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000052> <1518070483249> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obis1 : General SSLEngine problem>

    ####<Feb 8, 2018, 1:14:44,412 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000055> <1518070484412> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obips1 : General SSLEngine problem>

    ####<Feb 8, 2018, 1:14:45,562 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000058> <1518070485562> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obijh1 : General SSLEngine problem>

    ####<Feb 8, 2018, 1:14:46,705 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000005b> <1518070486705> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obisch1 : General SSLEngine problem>

    ####<Feb 8, 2018, 1:16:42,178 AM EST> <Error> <Console> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000062> <1518070602178> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-240003> <Administration Console encountered the following error: weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection

    Caused by: netscape.ldap.LDAPException: General SSLEngine problem (91); Cannot connect to the LDAP server

    Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

    Best Regards,

    Ritesh

  • 3614436
    3614436 Rank 3 - Community Apprentice

    Dear Michael,

    I have done the steps for Admin Server but not able to view the users in Admin console. However following are the error details from domain log under Admin Server logs. I

    Following are the error message from domain log under Admin Server Logs.

    [Security:090294]could not get connection

    unable to find valid certification path to requested target

    ####<Feb 8, 2018, 1:13:19,390 AM EST> <Warning> <Security> <elydrscdev.my.org> <AdminServer> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000002> <1518070399390> <[severity-value: 16] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-099117> <The LDAP authentication provider named "MSADHRDSB" failed to make a connection to LDAO server at ldaps://myorg:636, the error cause is: General SSLEngine problem.>

    ####<Feb 8, 2018, 1:14:41,803 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000004c> <1518070481803> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server bi_server1 : General SSLEngine problem>

    ####<Feb 8, 2018, 1:14:42,79 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000004f> <1518070482079> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obiccs1 : General SSLEngine problem>

    ####<Feb 8, 2018, 1:14:43,249 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000052> <1518070483249> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obis1 : General SSLEngine problem>

    ####<Feb 8, 2018, 1:14:44,412 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000055> <1518070484412> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obips1 : General SSLEngine problem>

    ####<Feb 8, 2018, 1:14:45,562 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000058> <1518070485562> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obijh1 : General SSLEngine problem>

    ####<Feb 8, 2018, 1:14:46,705 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000005b> <1518070486705> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obisch1 : General SSLEngine problem>

    ####<Feb 8, 2018, 1:16:42,178 AM EST> <Error> <Console> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000062> <1518070602178> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-240003> <Administration Console encountered the following error: weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection

    Caused by: netscape.ldap.LDAPException: General SSLEngine problem (91); Cannot connect to the LDAP server

    Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

    Best Regards,

    Ritesh

  • Michael Verzijl
    Michael Verzijl Rank 6 - Analytics Lead

    Based on this I would say your certificates are not setup correctly.

    Which commands did you execute to create your keystore?

  • GermanA-Oracle
    GermanA-Oracle Rank 3 - Community Apprentice

    I just checked the SR and it looks like the AD certificate was not imported into the keystore, is everything working now?

  • 3614436
    3614436 Rank 3 - Community Apprentice

    Dear Michael,

    Thanks.

    I have got the correct certificate from LDAP AD team and import into correct location in the server.

    Post import the certificates using keytool command , i have re-enter the AD administrator credentials in provider specific and save it. After saving i did not get any issue. I have activate the changes. Restarted the services. Now i can see the all the AD users in Security realm -->ADProvider --> User and Group.

    However, none of the AD users including weblogic user are able to login into Analytics page ( Username & Password incorrect error). I will share the logs as well.

    I have set the vertualize opetion is True in EM conole as well but same issue persists.

    However, I have not set the keystore options in Admin server or Manage Server level.

    Could you please guide me on the error. Our development activity is completely stuck because of weblogic user is not able to login analytics page.

    Best Regards,

    Ritesh