Configuring SSL in Oracle Business Intelligence, inconsistency on Cross Component Wiring instruction

Eduardo Ferrari

This is for Oracle OBIEE 12.2.1.4.0.

I have followed the instructions to configure SSL from here https://docs.oracle.com/middleware/bi12214/biee/BIESC/GUID-B3F876BE-9344-4803-9B99-5A4C64F68D6C.htm#BIESC374

When I get to this part, "Configuring OWSM to Use t3s", on my setup it does not say "Out of Sync"; it says "Wired". Once I reboot the services, I see an error in the log:

<Mar 9, 2020 2:55:12,684 PM MDT> <Notice> <WebLogicServer> <BEA-000360> <The server started in RUNNING mode.>

<Mar 9, 2020 2:55:12,695 PM MDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING.>

Build Info: Oracle BI Publisher 12.2.1.4.0

Build Info: Oracle BI Publisher 12.2.1.4.0

Build Info: Oracle BI Publisher 12.2.1.4.0

XMLPServer root path : /opt/oracle/obiee_domains/fibbi/servers/bi_server1/tmp/_WL_user/bipublisher_11.1.1/to5gma/war

Build Info: Oracle BI Publisher 12.2.1.4.0

Start Scheduler...

WLJMSServiceSecure.getInitialContext is secure: weblogic

javax.naming.CommunicationException: Failed to initialize JNDI context, tried 2 time or times totally, the interval of each time is 0ms.

t3://<my-server>:9502: Destination <my-ip>, 9502 unreachable.; nested exception is:

        java.net.ConnectException: Connection refused; No available router to destination.; nested exception is:

On the WebLogic console, if I go into Environment -> Servers, I do see the AdminServer as listen port 9500 as opposed to the SSL port. The HTTP has been disabled but the port hasn't changed. The config.xml has the correct port as well.

I do see the error above is because the connection is being made using "t3" and not "t3s". However, as I mentioned above, I do not have an option to do the "Oracle Web Services Manager (OWSM)" step as it is not Out of Sync. I did try to Bind again just in case but nothing changed.
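
A log check for the symptom described in this post, components still dialing a plaintext `t3://` endpoint after the domain was switched to SSL-only. This is an added example, not part of the original post or of Oracle's tooling; the host name, IP address and the `t3s` line in the sample log are constructed.

```python
import re

# Plaintext scheme -> TLS counterpart expected once SSL-only is configured.
TLS_EQUIVALENT = {"t3": "t3s", "ldap": "ldaps", "http": "https", "iiop": "iiops"}

# scheme://host:port; the port is required so XML namespace URLs are ignored.
ENDPOINT = re.compile(r"\b([a-z][a-z0-9]*)://([^\s:/]+):(\d+)")
# Text that marks the connection attempt itself as failed.
FAILURE = re.compile(r"unreachable|Connection refused|CommunicationException")

# Constructed sample: the error lines from the post with a placeholder host/IP,
# plus one invented t3s line that must not be reported.
SAMPLE_LOG = """\
WLJMSServiceSecure.getInitialContext is secure: weblogic
javax.naming.CommunicationException: Failed to initialize JNDI context, tried 2 time or times totally, the interval of each time is 0ms.
t3://bi-host.example:9502: Destination 192.0.2.10, 9502 unreachable.; nested exception is:
        java.net.ConnectException: Connection refused; No available router to destination.; nested exception is:
Connected to t3s://bi-host.example:9501
"""

def find_plaintext_endpoints(log_text, context=2):
    """Report each plaintext endpoint once, with hit count and failure flag."""
    lines = log_text.splitlines()
    findings = {}
    for i, line in enumerate(lines):
        for scheme, host, port in ENDPOINT.findall(line):
            if scheme not in TLS_EQUIVALENT:
                continue  # already a TLS scheme, or not a protocol we track
            url = f"{scheme}://{host}:{port}"
            entry = findings.setdefault(url, {
                "endpoint": url,
                "expected_scheme": TLS_EQUIVALENT[scheme],
                "first_line": i + 1,
                "count": 0,
                "failed": False,
            })
            entry["count"] += 1
            # WebLogic splits one error over several lines, so check neighbours too.
            window = "\n".join(lines[max(0, i - context): i + context + 1])
            entry["failed"] = entry["failed"] or bool(FAILURE.search(window))
    return sorted(findings.values(), key=lambda e: e["first_line"])

if __name__ == "__main__":
    for f in find_plaintext_endpoints(SAMPLE_LOG):
        status = "FAILED" if f["failed"] else "seen"
        print(f"line {f['first_line']}: {f['endpoint']} ({status}, x{f['count']}) "
              f"-> expected {f['expected_scheme']}://")
```

Run it over each managed server's log after the restart; any endpoint it reports is a client-side URL that was not rewired to the SSL port.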


Answers

  • Eduardo Ferrari
    edited Mar 23, 2020 10:50AM

    I was finally able to review my setup with Oracle Support. According to them, the cross component wiring is correct, despite the fact that it will not show "Out of Sync" based on what the documentation describes.

    After juggling for a while, we found out that one of the issues I have is with the "LDAP" connection. However, I am not connecting this to any LDAP, but there's a setup instruction that calls for "Configuring Internal WebLogic Server LDAP to Use LDAPs". We have gone through those steps again and even removed that property as a test. No luck.

    The test we do is to go into Enterprise Manager -> Security -> Application Roles -> Select Application Stripe "obi" and then try to search for a user. If the search causes an error, that's not working. If we disable LDAPS it works.

    So we also have done the following steps (not necessarily documented) -- to remove the "Demo Certs" completely:

    cd /opt/oracle/middleware/oracle_common/common/bin

    source ./setWlstEnv.sh

    java weblogic.WLST

    connect('weblogic', 'mypassword', 't3s://myserver:9501')

    svc = getOpssService(name='KeyStoreService')

    svc.listKeyStoreAliases(appStripe='system', name='trust', password='mypwd', type='TrustedCertificate')

    svc.importKeyStore(appStripe='system', name='castore', password='mypwd', aliases='weblogic',keypasswords='mypwd', type='JKS', permission=true, filepath='/opt/oracle/keystore/keystore.jks')

    svc.exportKeyStoreCertificate(appStripe='system', name='castore', password='mypwd', alias='weblogic', type='Certificate', filepath='/tmp/cert.txt')

    svc.importKeyStoreCertificate(appStripe='system', name='trust', password='mypwd', alias='weblogic', keypassword='mypwd', type='TrustedCertificate', filepath='/tmp/cert.txt')

    svc.listKeyStoreAliases(appStripe='system', name='trust', password='mypwd', type='TrustedCertificate')

    ./wlst_internal.sh /tmp/updateServiceInstanceProperty.py -si keystore.db -key ca.key.alias -value weblogic

    And also those (to try to fix the LDAPS error):

    svc = getOpssService(name='KeyStoreService')

    svc.importKeyStoreCertificate(appStripe='system', name='trust', password='', alias='vmtnrootca01', keypassword='', type='TrustedCertificate', filepath='/opt/oracle/keystore/vmtnsysca01.cer')

    svc.importKeyStoreCertificate(appStripe='system', name='trust', password='', alias='vmtnrootca02', keypassword='', type='TrustedCertificate', filepath='/opt/oracle/keystore/vmtnrootca01.cer')

    svc.importKeyStoreCertificate(appStripe='system', name='trust', password='', alias='vmtnrootca03', keypassword='', type='TrustedCertificate', filepath='/opt/oracle/keystore/vmtnsysintca01.cer')

    But no luck... on the emoms.log it shows:

    Caused by: oracle.igf.ids.IDSException: Operations error: entity=ou=people,ou=myrealm,dc=fibbi op=search mesg=   AdditionalInfo: LDAP Error 2 : myserver:9501

    at oracle.igf.ids.arisid.ArisIdServiceManager.searchEntities(ArisIdServiceManager.java:2975)

    at oracle.igf.ids.UserManager.searchUsers(UserManager.java:312)

    at oracle.sysman.emas.model.security.UserRoleUtil.fetchUserListIGF(UserRoleUtil.java:361)

    at oracle.sysman.emas.model.security.DialogAdminBean.switchPartitionContext(DialogAdminBean.java:1605)

    at oracle.sysman.emas.model.security.DialogAdminBean.fetchUserNameList(DialogAdminBean.java:858)

    ... 105 more

    Caused by: oracle.igf.ids.arisid.ArisIdConnectionException: Operations error: entity=ou=people,ou=myrealm,dc=fibbi op=search mesg=   AdditionalInfo: LDAP Error 2 : myserver:9501

    at com.oracle.ovd.arisid.OvdIdsStackProvider.mapResultCode(OvdIdsStackProvider.java:776)

    at com.oracle.ovd.arisid.OvdIdsStackProvider.doSearch(OvdIdsStackProvider.java:1997)

    at com.oracle.ovd.arisid.ArisIdStackProvider.doSearch(ArisIdStackProvider.java:278)

    at org.openliberty.arisid.Interaction.doSearch(Interaction.java:1453)

    at oracle.igf.ids.arisid.ArisIdServiceManager.searchEntities(ArisIdServiceManager.java:2896)

    ... 109 more

    Caused by: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : myserver:9501

    at oracle.ods.virtualization.operation.SearchOperation.process(SearchOperation.java:209)

    at oracle.ods.virtualization.operation.SearchOperation.process(SearchOperation.java:47)

    at oracle.ods.virtualization.service.DefaultVirtualizationSession.processOperation(DefaultVirtualizationSession.java:403)

    at oracle.ods.virtualization.service.DefaultVirtualizationSession.search(DefaultVirtualizationSession.java:190)

    at com.oracle.ovd.arisid.OvdIdsStackProvider.doSearch(OvdIdsStackProvider.java:1989)

    ... 112 more

    Caused by: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : myserver:9501

    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:1164)

    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:1027)

    at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:470)

    at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:276)

    at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:223)

    at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:811)

    Any clues?!

  • Eduardo Ferrari
    edited Mar 24, 2020 9:31AM Answer ✓

    Fixed that problem. I had to recreate the $DOMAIN_HOME/config/fmwconfig/ovd/default/keystores/adapters.jks

    ./libovdconfig.sh -host myhost -port 9500 -domainPath $DOMAIN_HOME -userName weblogic -createKeystore

    keytool -import -keystore $DOMAIN_HOME/config/fmwconfig/ovd/default/keystores/adapters.jks -storepass mypass -alias rootca01 -file /opt/oracle/keystore/rootca01.cer

    keytool -import -keystore $DOMAIN_HOME/config/fmwconfig/ovd/default/keystores/adapters.jks -storepass mypass -alias sysca01 -file /opt/oracle/keystore/sysca01.cer

    keytool -import -keystore $DOMAIN_HOME/config/fmwconfig/ovd/default/keystores/adapters.jks -storepass mypass -alias intca01 -file /opt/oracle/keystore/intca01.cer

    The clue for this problem was in one of the logs saying that the keystore password was null. I then decided to recreate it. What's strange is that I have done exactly the same steps again.