Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 208 Oracle Analytics News
- 41 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 76 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Microsoft Active Directory Integration issue with OBIEE12c on Secure Port (Port# 636)
Answers
-
Did you apple the custom identity to both servers? So adminserver and biserver.
Please check the logging of AD why the users are not visible.
0 -
Yes, applied on both Admin & Managed server.
Here AD people are not very clear about the integration between AD and OBIEE. Hectic time.
Could you please provide the steps if you have documented.
0 -
I don't have a shareable document for you with all steps.
I would say:
1) start with enabling the adminserver for the AD config
2) Make sure that this is not setup as required
3) Restart admin and check why users are not imported and share logfile of what is running now
Once above is done, continue with the biserver
0 -
Thanks much for support.
I will do a try today and send you the log files.
0 -
A few questions:
- Are your certificates signed by a known CA?
- Did you import the whole chain into the keystore?
- Did you also import it into the adapters.jks (libovd) keystore?
- Have you opened a SR for this? If so, what's the number?
0 -
Dear GermanA,
Thanks much for the update. Please find the details below
- Are your certificates signed by a known CA? --> How to check that?
- Did you import the whole chain into the keystore? --> We have created the Keystore based on the certificate provided by organization.
- Did you also import it into the adapters.jks (libovd) keystore? --> No, I have no idea.
- Have you opened a SR for this? If so, what's the number? --> Sev1 (SR 3-16809344191 : Need to configure MS AD on port 636 as an authenticator in Weblogic Console)
Following are the error message from domain log under Admin Server Logs.
[Security:090294]could not get connection
unable to find valid certification path to requested target
####<Feb 8, 2018, 1:13:19,390 AM EST> <Warning> <Security> <elydrscdev.my.org> <AdminServer> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000002> <1518070399390> <[severity-value: 16] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-099117> <The LDAP authentication provider named "MSADHRDSB" failed to make a connection to LDAO server at ldaps://myorg:636, the error cause is: General SSLEngine problem.>
####<Feb 8, 2018, 1:14:41,803 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000004c> <1518070481803> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server bi_server1 : General SSLEngine problem>
####<Feb 8, 2018, 1:14:42,79 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000004f> <1518070482079> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obiccs1 : General SSLEngine problem>
####<Feb 8, 2018, 1:14:43,249 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000052> <1518070483249> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obis1 : General SSLEngine problem>
####<Feb 8, 2018, 1:14:44,412 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000055> <1518070484412> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obips1 : General SSLEngine problem>
####<Feb 8, 2018, 1:14:45,562 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000058> <1518070485562> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obijh1 : General SSLEngine problem>
####<Feb 8, 2018, 1:14:46,705 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000005b> <1518070486705> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obisch1 : General SSLEngine problem>
####<Feb 8, 2018, 1:16:42,178 AM EST> <Error> <Console> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000062> <1518070602178> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-240003> <Administration Console encountered the following error: weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
Caused by: netscape.ldap.LDAPException: General SSLEngine problem (91); Cannot connect to the LDAP server
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
Best Regards,
Ritesh
0 -
Dear Michael,
I have done the steps for Admin Server but not able to view the users in Admin console. However following are the error details from domain log under Admin Server logs. I
Following are the error message from domain log under Admin Server Logs.
[Security:090294]could not get connection
unable to find valid certification path to requested target
####<Feb 8, 2018, 1:13:19,390 AM EST> <Warning> <Security> <elydrscdev.my.org> <AdminServer> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000002> <1518070399390> <[severity-value: 16] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-099117> <The LDAP authentication provider named "MSADHRDSB" failed to make a connection to LDAO server at ldaps://myorg:636, the error cause is: General SSLEngine problem.>
####<Feb 8, 2018, 1:14:41,803 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000004c> <1518070481803> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server bi_server1 : General SSLEngine problem>
####<Feb 8, 2018, 1:14:42,79 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000004f> <1518070482079> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obiccs1 : General SSLEngine problem>
####<Feb 8, 2018, 1:14:43,249 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000052> <1518070483249> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obis1 : General SSLEngine problem>
####<Feb 8, 2018, 1:14:44,412 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000055> <1518070484412> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obips1 : General SSLEngine problem>
####<Feb 8, 2018, 1:14:45,562 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000058> <1518070485562> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obijh1 : General SSLEngine problem>
####<Feb 8, 2018, 1:14:46,705 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000005b> <1518070486705> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obisch1 : General SSLEngine problem>
####<Feb 8, 2018, 1:16:42,178 AM EST> <Error> <Console> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000062> <1518070602178> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-240003> <Administration Console encountered the following error: weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
Caused by: netscape.ldap.LDAPException: General SSLEngine problem (91); Cannot connect to the LDAP server
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
Best Regards,
Ritesh
0 -
Based on this I would say your certificates are not setup correctly.
Which commands did you execute to create your keystore?
0 -
I just checked the SR and it looks like the AD certificate was not imported into the keystore, is everything working now?
0 -
Dear Michael,
Thanks.
I have got the correct certificate from LDAP AD team and import into correct location in the server.
Post import the certificates using keytool command , i have re-enter the AD administrator credentials in provider specific and save it. After saving i did not get any issue. I have activate the changes. Restarted the services. Now i can see the all the AD users in Security realm -->ADProvider --> User and Group.
However, none of the AD users including weblogic user are able to login into Analytics page ( Username & Password incorrect error). I will share the logs as well.
I have set the vertualize opetion is True in EM conole as well but same issue persists.
However, I have not set the keystore options in Admin server or Manage Server level.
Could you please guide me on the error. Our development activity is completely stuck because of weblogic user is not able to login analytics page.
Best Regards,
Ritesh
0