Creating a new Provisioning Plan
Oracle Fusion Applications Installation: Creating a new Provisioning Plan
Previous: Integrate Oracle Identity Manager (OIM) and Oracle Access Manager (OAM)
Important Note: This is OLD guide for old version 11.1.1.5. Please follow instructions at http://www.oratraining.com/blog/2012/12/oracle-fusion-applications-installation-step-by-step-guide-11-1-5/ for latest guide for current version i.e. 11.1.5
In order to create a new fusion applications provisioning plan we should launch the provisioning wizard again from <framework_location>/provisioning/bin
<framework_location> is same what we mentioned in previous post. i.e. /app/fusion
[oracle@fusion $ cd /app/fusion/provisioning/bin
[oracle@fusion bin]$ ./provisioningWizard.sh &
On Welcome screen, click Next
Select “Create a New Applications Environment Provisioning Plan” and click Next
Deselect Security updates notification and click Next
Please note that in Fusion Applications each Applications will include multiple Weblogic Managed Servers, admin servers etc and since our Virtual Machine is not having sufficient capacity to host all these applications, we selected “Oracle Human Capital Management”. You can select any product which you wish to configure first. Click Details to see the topology details for the selected module.
Click Close and then Next on configurations screen.
In this screen provide any name to this provisioning plan. Click Next
Since we entered “weblogic” as Node Manager login earlier, provide its password Oracle123
Installers Directory Location: The stage or repository location. In our case /mnt/fusion
Oracle Fusion Applications Home: Provide base location for the installation. /fusion (or whichever directory you choose)
Enter /fusion/instance for Application Configuration Directory.
As we have noted the location for Webgate Library earlier in Previous post, enter /app/fusion/oam_lib
We had created IDM Properties file /app/fusion/bea_default/Oracle_IAM/idmtools/bin/idmDomainConfig.param in previous post.
RDP Password: oracle123
Click Next
Since we already have services running on some of above ports (for example 7001 etc), change the base port to some other value for example 12000. The reason we chose 12000 is that as per Oracle release notes the above port ranges should not overlap with 11020. You can even manually skip that port. Change Node Manager port to 5557. Click Next
Enter database details in this screen. Click Next
Enter same password. Lets’ keep Oracle123 again J
This will only accept earlier entered ODI Supervisor password. In our case, nothing to worry since we have all passwords as Oracle123
Password: Oracle123 (here it validates this password)
We are going to have single host for all domains. Enter our hostname “fusion” and click Next
Deselect DMZ, enter host as fusion, domain as fusion.local. Click Next
Review above and change if desired. Click Next
Since we are going to have the simplest installation, deselect Load Balancing. Click Next
Deselect Proxy. Click Next
Entered following values only, remaining were populated from idmDomainConfig.param file
Super User Name: weblogic_fa
“Create Administrators Group”, “Create Monitors Group”, “Create Operators Group”: Checked
Entered Oracle123 in both password fields
“Identity Store Enabled SSL”, “OIM Endpoint Enabled SSL”: Unchecked
OIM Administrator User Name: We will use webglogic_idm username for provisioning. OIM Administrator login xelsysadm or oimadmin will not be used for provisioning.
OIM Administrator Password: Oracle123
OIM Managed Server port: 14000
OIM Endpoint Host: fusion (this is because we did not configure load balancing)
OIM Endpoint Port: 7777
IDM Keystore file: Create a dummy file anywhere on Linux and enter its path here.
[oracle@fusion]$ touch /app/fusion/provisioining/dummy
IDM KeyStore Password: Enter any value since this is not used for non SSL setup.
OAM Administrator User Name: oamadmin
OAM Administrator Password: Oracle123 (as defined earlier)
OAM AAA Server Host: fusion
OAM AAA Server Port: 5575 (Default and also defined earlier)
Access Server Identifier: wls_oam1
Secondary OAM: Unchecked
OAM Security Mode: Open
Webgate password: Oracle123 (as entered earlier in previous post)
OPSS Policy Store Password: Oracle123
OPSS Policy Store JPS Root Node: cn=FAPolicies (though you can choose any name but we will go with Oracle recommendation)
Create OPSS Policy Store JPS Root Node: Checked
OPSS Policy Store SSL Enabled: Unchecked
Remaining fields already poputed due to idmDomainConfig.param file. Click Next
Enter Database Details. Also enter DEV_MDS and password Oracle123 (defined earlier during installation in previous post). Click Next
Click Finish to complete creating the plan.
Next: Provisioning an Applications Environment
Installing Oracle Fusion Applications – steps
- Installing Fusion Applications Provisioning Framework
- Installing Oracle 11g Database (Applications Transactional Database)
- Running Oracle Fusion Applications Repository Creation Utility (Applications RCU)
- Creating another database for Oracle Identity Management Infrastructure (optional)
- Running Repository Creation Utility (RCU) for Oracle Identity Management components
- Installing Oracle Identity and Access Management Components
- Configuring Oracle Identity and Access Management components
- Integrate Oracle Identity Manager (OIM) and Oracle Access Manager (OAM)
- Creating a New Provisioning Plan
- Provisioning an Applications Environment
Admin,
We have completed all the steps as per installation document,
we are able to connect all admin servers (OIM,OAM,WLS..ODSM….)
I have crated provisioning file sucessfully.and completed installaiton phase without issues.
Now in preconfigure phase we are getting errors as bellow
“Could not load ldif file :Cannot find Distinguished Name for name Administrators” on premodial host could you please help us to fix it.
Thanks
Shri.
Dear Srihari,
What username have you used as application superuser? Is it weblogic_fa? If not change it and retry. Make sure the value is changed in the response file despite you have changed on screen. Also same username should be used during seeding of data in configure IDM step. Also send your response file to tushar [at] oratraining.com if possible so that I can validate for any issues.
Hi Tushar,
Thanks for the update iam sending the response file to your mail id.
When attempting to Run provisioning wizard preverify phase
“Cannot find Distinguished Name for name Administrators”
Thanks.
Shrihari
Hi Tushar,
We are installing Fusion applications 11.1.4 and getting the following error in postconfigure phase :
private-invoke-webcenter-build:
2013-01-09 23:56:59.996 WARNING [java] Jan 9, 2013 11:56:59 PM oracle.ecsf.mbean.SearchRuntimeAdmin createInvocationTargetException
2013-01-09 23:56:59.997 WARNING [java] SEVERE: cannot register the identity plug-in on this SES instance
2013-01-09 23:56:59.997 WARNING [java] oracle.ecsf.SearchException: cannot register identity plug-in to SES or user FUSION_APPS_HCM_SES_CRAWL_APPID
2013-01-09 23:56:59.997 WARNING [java] at oracle.ecsf.ses.v11g.admin.SESAdministratorImpl.registerIdentityPlugin(SESAdministratorImpl.java:654)
2013-01-09 23:56:59.997 WARNING [java] at oracle.ecsf.admin.RuntimeAdmin.registerIdentityPlugin(RuntimeAdmin.java:115)
2013-01-09 23:56:59.997 WARNING [java] at oracle.ecsf.mbean.SearchRuntimeAdmin.registerIdentityPlugin(SearchRuntimeAdmin.java:291)
2013-01-09 23:56:59.998 WARNING [java] at oracle.ecsf.util.ProvisioningUtil.setIdPlugin(ProvisioningUtil.java:449)
2013-01-09 23:57:00.036 WARNING [java] at oracle.ecsf.util.ProvisioningUtil.main(ProvisioningUtil.java:138)
2013-01-09 23:57:00.036 WARNING [java] Caused by: oracle.ecsf.SearchException: Could not get SES admin service proxy http://fs-int.domain.com:13001/search/api/admin/AdminServicedue to error: com.sun.xml.ws.wsdl.parser.InaccessibleWSDLException: 2 counts of InaccessibleWSDLException.
2013-01-09 23:57:00.037 WARNING [java]
2013-01-09 23:57:00.037 WARNING [java] java.io.IOException: Server returned HTTP response code: 500 for URL: http://fs-int.domain.com:13001/search/api/admin/AdminService
2013-01-09 23:57:00.037 WARNING [java] java.io.IOException: Server returned HTTP response code: 500 for URL: http://fs-int.domain.com:13001/search/api/admin/AdminService?wsdl
2013-01-09 23:57:00.037 WARNING [java]
2013-01-09 23:57:00.037 WARNING [java] at oracle.ecsf.ses.v11g.admin.DeployManagerImpl.getAdminProxy(DeployManagerImpl.java:1902)
2013-01-09 23:57:00.037 WARNING [java] at oracle.ecsf.ses.v11g.admin.DeployManagerImpl.registerIdentityPlugin(DeployManagerImpl.java:721)
2013-01-09 23:57:00.037 WARNING [java] at oracle.ecsf.ses.v11g.admin.SESAdministratorImpl.registerIdentityPlugin(SESAdministratorImpl.java:640)
Could yoy please let us know how we can debug this further
Raj
Hi Geerthi,
List of failed Validation in OIM 1. OAM_Validation : Cannot perform OAM Validation as null —–> you can ignore this error as it is a bug in fusion apps.it will not create any problem with the installation.
Thanks
ram
I’m now installing RUP3. During Pre-req check In Provisioning i am getting the below error.
Error-1:
[2012-08-14 03:16:58 PDT] Functional Setup: common-preverify-security validateOim – BUILD_ERROR : List of failed Validation in OIM 1. OAM_Validation : Cannot perform OAM Validation as null
Error:2
[2012-08-14 03:17:00 PDT] Functional Setup: common-preverify-security validateOam – BUILD_ERROR : Error 1 : OAM11G_OIM_OHS_URL : OIM host configured with OAM is not valid.
From the above reply i found out that i can ignore the Error-1. But could you suggest or gimme a solution to overcome error-2.?
Awaiting your reply.
Regards,
Geerthi
I just thought of mentioned that I am able to proceed with I replaced OVD entries with OID in the plan. I do not know why. But it did not like OVD entries even though OVD is up and running.
thanks
Jyothi
Can some one please help me to proceed with preverify phase of my installation of Fusion Apps.
I am getting 2 errors now. I did necessary changes in the Prov. plan but I am still getting same error. Now it is beyond my thinking :
Cannot perform OAM Validation as Error in receiving hashed server challenge ObAAAStatus: Major code: 50(Insecure) Minor code: 2(NoCode) !DETAIL=List of failed Validation in OIM||1. OAM_Validation : Cannot perform OAM Validation as Error in receiving hashed server challenge ObAAAStatus: Major code: 50(Insecure) Minor code: 2(NoCode) ||!
Invalid IDStore host name. Error 2 : OAM11G_OIM_OHS_URL : Invalid OIM host name for OIM URL. !DETAIL=Error 1 : IDSTORE_HOST : Invalid IDStore host name.|Error 2 : OAM11G_OIM_OHS_URL : Invalid OIM host name for OIM URL.|!BUILDFILE=/fa/fusion/repository/provisioning/provisioning/provisioning-build/common-preverify-build.xml!LINENUMBER=323!
Here is more info about my setup :
I used Simple mode. Currently when I send request to OHS, it is redirected to http://sso.mycompany.com:7777/ and is working fine to get into OIM, OAM, and other consoles using many ids such as xelsysadm, oamadmin, weblogic_idm etc. This means all credentials are there right ? I am not sure.
2. I see that in config_oam2.props, OAM11G_OIM_OHS_URL:http://sso.mycompany.com:7777/
In config_oam1.props, OAM11G_IDM_DOMAIN_OHS_HOST: webhost.mycompany.com
So, in my prov plan, I mentioned first sso.mycompany.com and the preverify phase complained that non-ssl connection can not made.
Then I mentioned webhost.mycompany.com in the plan and I am getting same “Invalid IDStore error”.
Also, I see all those keys such as SSOAccessKey, SSOKeystoreKey and SSOGlobalPP in EM console. I have every pwd as welcome1. No change in any pwd.
Pleae let me know what else I need to do to resolve this issue.
Appreciate your time.
thanks
Jyothi
Thanks for you help 🙂
As your suggestion I recreated provision planning application.
Now I am getting below issues.
[2012-04-10T17:02:02.637+05:30] [runProvisioning-preverify] [ERROR] [] [runProvisioning-preverify] [tid: 12] [ecid: 0000JQS1KxO1zWGMyyfd6G1FX1ba000003,0] List of failed Validation in OIM[[
1. OVD : Cannot perform OVD validations as Cannot bind to OVD with URL :
2. OAM_Validation : Cannot perform OAM Validation as null
[2012-04-10T17:02:03.060+05:30] [runProvisioning-preverify] [ERROR] [FAPROV-00298] [runProvisioning-preverify] [tid: 12] [ecid: 0000JQS1KxO1zWGMyyfd6G1FX1ba000003,0] An Error Occured: [[
The required attribute ‘oamPassphrase’ is missing
[2012-04-10T17:02:03.300+05:30] [runProvisioning-preverify] [ERROR] [] [runProvisioning-preverify] [tid: 10] [ecid: 0000JQS1Iow1zWGMyyfd6G1FX1ba000000,0] FAPROV-00298 The following error occurred while executing this line:[[
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/orchestration-build.xml:2121: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/base-product-family-build.xml:50: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/fs-build.xml:194: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/common-preverify-build.xml:323: The required attribute ‘oamPassphrase’ is missing
]]
[2012-04-10T17:02:03.306+05:30] [runProvisioning-preverify] [ERROR] [] [runProvisioning-preverify] [tid: 10] [ecid: 0000JQS1Iow1zWGMyyfd6G1FX1ba000000,0] BUILD FAILED[[
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/orchestration-build.xml:130: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/common-misc-build.xml:109: An Error Occured: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/orchestration-build.xml:2121: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/base-product-family-build.xml:50: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/fs-build.xml:194: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/common-preverify-build.xml:323: The required attribute ‘oamPassphrase’ is missing
If you have time could you please take web session.
We are start this setup two months back.
Please provide your details.
Thanks,
Vishnu Reddy,
+91-7738-2345-73.
@admin
finding some difficulty to create the ticket, sent the log file to your mail id.
Regards
Hasif
@Hasif
also you can change the file name to .txt and upload since we have restriction on file types. if still does not work then send to tushar at oratraining.com
@admin
Hi,
Created ticket , but i’m not able to upload log file, can you please share your mail ID so that I can send you directly.
Regards
Hasif
@Hasif
Please post your runProvisioning-fin-postconfigure.log and runProvisioning-fin-postconfigure.out files at our free support portal http://www.orasupport.com and we will assist you further.
@Tushar,
I followed new document which you posted and able to complete toll postconfigure step. now i’m stuck with some error.
” ECSF configuration failed. Error message: Java returned: 1″
As per oracle suggetion I have changed _wl_proxy permission to 777, but even after getting same error,
this error is getting while running runProvisioning-fin-postconfigure.
please let me know if you have any idea.
Regards
Hasif
Dear @Vishnu Reddy
We have noticed that sometimes the plan does not get updated even when you change the values. First grep for weblogic in your plan file and if you still see the same name then recreate the plan and provision the environment. We had similar problem when we changed the path but the plan was still referring to old values. Since your error log clearly states that it is looking for weblogic user, it is evident that it is not looking for weblogic_fa.
Also make sure that you have already performed seeding of weblogic_fa user as per the steps mentioned in “configuring FMW components”
As you know one of our team is already helping you on our free support site ORASupport.com on the case you opened.
Thanks for reply,
I provide super username: weblogic_fa only.
I restarted all the services and tried still i am getting same errors.
Thanks,
Vishnu Reddy.
@Vishnu Reddy
The error message is clear. “Cannot find Distinguished Name for name weblogic”
Seems you used user “weblogic” instead if “weblogic_fa” for fusion applications super user. change it and this error will disappear.
Regards
Tushar
For ORA Training
Hi All,
I started Fusion application 11.1.1.5 (Release 11.1.2.0) setup.
I done installation and configuration of all required software’s for Provisioning plan for HCM Module.
Created provisioning plan successfully.
While I am trying to execute provision plan, I am getting below errors …
2012-04-05T12:17:13.458+05:30] [runProvisioning-preverify] [ERROR] [] [runProvisioning-preverify] [tid: 10] [ecid: 0000JQ1GB3H1zWGMyyfd6G1FVJye000000,0] FAPROV-00298 The following error occurred while executing this line:[[
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/orchestration-build.xml:2121: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/base-product-family-build.xml:50: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/fs-build.xml:194: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/common-preverify-build.xml:118: Cannot find Distinguished Name for name weblogic
]]
[2012-04-05T12:17:13.465+05:30] [runProvisioning-preverify] [ERROR] [] [runProvisioning-preverify] [tid: 10] [ecid: 0000JQ1GB3H1zWGMyyfd6G1FVJye000000,0] BUILD FAILED[[
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/orchestration-build.xml:130: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/common-misc-build.xml:109: An Error Occured: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/orchestration-build.xml:2121: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/base-product-family-build.xml:50: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/fs-build.xml:194: The following error occurred while executing this line:
/u02/Oracle/Middleware/Provisioning/provisioning/provisioning-build/common-preverify-build.xml:118: Cannot find Distinguished Name for name weblogic
2)[2012-04-05T12:17:13.200+05:30] [runProvisioning-preverify] [ERROR] [FAPROV-00298] [runProvisioning-preverify] [tid: 12] [ecid: 0000JQ1GDCd1zWGMyyfd6G1FVJye000003,0] An Error Occured: [[
Cannot find Distinguished Name for name weblogic
at oracle.apps.fnd.provisioning.ant.taskdefs.GetFullDNTask.getLdapDN(GetFullDNTask.java:205)
at oracle.apps.fnd.provisioning.ant.taskdefs.GetFullDNTask.executeTask(GetFullDNTask.java:126)
at oracle.apps.fnd.provisioning.ant.taskdefs.BaseProvisioningTask.execute(BaseProvisioningTask.java:102)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)
at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:105)
at org.apache.tools.ant.Task.perform(Task.java:348)
at org.apache.tools.ant.taskdefs.Sequential.execute(Sequential.java:62)
Please help on this.
Thanks,
Vishnu Reddy,
+91-7738-2345-73
@Hasif
You can see this and other workarounds present in our updated steps. All steps are working fine and verified the results.
@muthukumaran , @Krishna , @Anil , @prasad , @Hasif , @Venkat , @sreedhar and all following our blog for fusion installation.
Dear All,
We have now posted updated step by step guide for Fusion installation. Make sure to follow the steps exactly as mentioned in the posts and you will not have any issues in the installation. I will post the JVM and other memory tuning details soon. This will help you keep the installation going without running out of memory.
Please press Refresh the CACHE of the pages by pressing CTRL+F5 so that you don’t see older posts. I would suggest clearing browser cache and still use CTRL+F5 just in case any proxy cache is there.
– ORA Training Admin
@admin
Hi Tushar,
Thanks for the help on the new version installation. i guess because of the OIM-OAM integration issue my installation did not go through and gave up.
I have downloaded the 11.1.3 software from support.oracle.com and installed the database and RCU and hoping to get the new instructions from your blog for next steps.
If you can post this, it would be really great and helpful.
Thanks,
Venkat
Hi Tushar,
This blog really helpful, Appreciate your all efforts, we will wait for your new post.
Regards
Hasif
Hi,
Thanks so much, its working now…..
once again thanks
Thanks,
Sreedhar
@admin
@muthukumaran , @Krishna , @Anil , @prasad , @Hasif , @Venkat , @sreedhar and all following our blog for fusion installation.
We are going to upload fresh steps for fusion apps installation right from beginning and this time we are changing the paths and managed server names as per oracle recommended values since some of the users are having different names than us and they are getting confused while following the blog.
Also we are changing the sequence a bit to make integration work 100% for all. We will also add missing steps for config_oam1, config_oam2, oimitg and some more files which are must for integration but somehow we missed to post those steps on the blog post.
We will also include the workarounds and patches at appropriate steps as per the latest release notes and as per bugs reported by us to Oracle.
I will try to keep the copy of the existing posts for fusion apps installation on a separate location but still if you want you can save your local copy today since tonight I may start updating the blog with new installation steps including the last step of provisioning the environment.
Best regards
Tushar
For ORA Training
@sreedhar
When you created the provisioning plan, it by default saves the file in the same directory from where you launched the provisioningWizard. If you have kept the same path as our blog then it will be /app/fusion/provisioning/bin
Just look for the name with which you saved your provisioning plan and pickup the file with extension .plan (not .summary)
Regards
ORA Training
Hi,
I have completed the “Creating a New Provisioning Plan” step and I have started the “Provisioning an Applications Environment ” step.
I have selected the option “Provision an Application Environment”, but can any one let me know what path I need to provide in “Provisioning Plan” field.
I appreciate you if you provide the solution for this.
Thaks,
Sreedhar
@admin
Hi Tushar,
Thanks for your help! This blog is really helpful to us. we look forward to install the new version.
Venkat
@muthukumaran , @Krishna , @Anil , @prasad , @Hasif , @Venkat
and all others looking for the FMW workarounds and fixes.
Oracle has come up with some patches and some workaronds for most of the issues we discussed in this comments thread. We will test them and update here.
Meanwhile yesterday Oracle has released Fusion Apps 11.1.3 and it includes newer release of FMW 11.1.1.6 (compared to 11.1.1.5 till FA 11.1.2) so hope it includes all fixes. We will install this new release soon and upload complete steps (yes nothing will be skipped) to the blog.
Regards,
Tushar
Hi Tushar
Can you please post High level steps for complete installation of Fusion middleware. just want confirm if we missed any steps.
Now I’m stuck with Pre-configure step.
Could not load the ldif file: javax.naming.NoPermissionException: [LDAP: error code 50 – Insufficient Access Rights]; remaining name ‘cn=FUSION_APPS_PROV_PATCH_APPID,cn=AppIDUsers,cn=Users,dc=localdomain,dc=com’.
oracle has provided two solution , but both are not working.
Regards
Hasif
Hi Venkat
———————————————————
WLSHOST:
WLSPORT: 7001
WLSADMIN: weblogic
WLSPASSWD: oracl123
IDSTORE_HOST:
IDSTORE_PORT: 3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=,dc=com
IDSTORE_SEARCHBASE: dc=,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=,dc=com
IDSTORE_OAMSOFTWAREUSER: oamLDAP
IDSTORE_OAMADMINUSER: oamadmin
PRIMARY_OAM_SERVERS: :5575
WEBGATE_TYPE: ohsWebgate10g
ACCESS_GATE_ID: Webgate_IDM
OAM11G_IDM_DOMAIN_OHS_HOST:
OAM11G_IDM_DOMAIN_OHS_PORT:7777
OAM11G_IDM_DOMAIN_OHS_PROTOCOL:http
OAM11G_WG_DENY_ON_NOT_PROTECTED: false
OAM_TRANSFER_MODE: open
OAM11G_OAM_SERVER_TRANSFER_MODE:open
OAM11G_IDM_DOMAIN_LOGOUT_URLS:/console/jsp/common/logout.jsp,/em/targetauth/emaslogout.jsp
OAM11G_OIM_WEBGATE_PASSWD: oracle123
OAM11G_SERVER_LOGIN_ATTRIBUTE: uid
COOKIE_DOMAIN: ..com
OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
OAM11G_SSO_ONLY_FLAG: true
OAM11G_OIM_INTEGRATION_REQ: true
OAM11G_IMPERSONATION_FLAG:true
OAM11G_SERVER_LBR_HOST:
OAM11G_SERVER_LBR_PORT:7777
OAM11G_SERVER_LBR_PROTOCOL:http
COOKIE_EXPIRY_INTERVAL: 120
OAM11G_OIM_OHS_URL:https::7777
———————————————————–
Regards
Hasif
@Hasif
Hi Hasif,
The problem now for us is , we have gone thru the install process, now as your suggestion , u need to create a new plan and then execute it in a new environment..So, i need to know how and what are all the files to clear before i could go ahead and create a plan..
you can also contact me @ muthu.mailme@gmail.com
I think we can have a clear discussion there…
Regards
Muthu
Hi Hasif,
Can u please share your config_oam2.props.
Thanks,
Venkat
Hi muthukumaran
Oracle has published solution for our issue, I tried , but it didn’t worked for me, kindly share your result.
——————————————————
Workaround
1. Create a file named rwuserpolicy.txt (or any file name of your choice) in a host that connects to the LDAP policy store server
2. Enter the following four lines in this text file.
1. dn: cn=directoryadmingroup,cn=oracle internet directory
2. changetype: modify
3. add: member
4. member:
1. Where is the distinguishing name of the bind user for the policy store created by IDM config tool. For example cn=PolicyRWUser,cn=Users,dc=us,dc=oracle,dc=com
3. Execute the following command from a terminal session of the LDAP policy store server.
1. ldapmodify -h -p -D cn=orcladmin -w rwuserpolicy.txt
1. Where and are the host and port of the policy store Oracle Internet Directory (OID) to be used by the Oracle Fusion Applications environment, and is the password for user cn=orcladmin of the policy store OID. If the file name is other than rwuserpolicy.txt, replace rwuserpolicy.txt with the name you used.
4. Proceed with the creation of a provisioning plan and provisioning a new environment. If you want provisioning to create a new policy store JPS Root Node, then make sure the Create OPSS Policy Store JPS Root Node box is checked in the Access and Policy Management Configuration page during creation of a provisioning plan. Otherwise, leave the box unchecked.-
————————————————-
Regards
Hasif
Hi Venkat
Error showing “SEVERE: Invalid OAM admin server host name”,
can you please recheck your config_oam2.props.
Regard
Hasif
Following is the correct log: please look at this rather than the old log:
Mar 15, 2012 3:38:20 PM oracle.idm.automation.util.Util setLogger
WARNING: Logger initialized in warning mode
Mar 15, 2012 3:38:28 PM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler execute
FINER: ENTRY
Mar 15, 2012 3:38:43 PM oracle.idm.automation.util.Util setLogger
WARNING: Logger initialized in warning mode
Mar 15, 2012 3:38:47 PM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler execute
FINER: ENTRY
Mar 15, 2012 3:38:57 PM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOAM11gIdStore
FINER: ENTRY
Mar 15, 2012 3:38:57 PM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOAM11gIdStore
SEVERE: Invalid OAM admin server host name
@Admin
Hi Tushar,
If you see something wrong, can u please let me know.
Thanks,
Venkat
@Hasif
Following is the automation.log after running idmconfigtoos.sh
Mar 15, 2012 1:52:32 PM oracle.idm.automation.util.Util setLogger
WARNING: Logger initialized in warning mode
Mar 15, 2012 1:52:36 PM oracle.idm.automation.AutomationTool prepareIDStore
WARNING: POLICYSTORE_SHARES_IDSTORE not provided. Defaulting to “true”
Mar 15, 2012 1:52:38 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler extendOAMImpSchema
WARNING: OAM Impersonation extensions already exists in the directory
Mar 15, 2012 1:52:38 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOblixAnonymousUser
WARNING: Oblix Anonymous User already exists in the directory
Mar 15, 2012 1:52:39 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMAdminUser
WARNING: OAM Admin User already exists in the directory
Mar 15, 2012 1:52:39 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMSoftwareUser
WARNING: OAM Software User already exists in the ID Store
Mar 15, 2012 1:52:39 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler addUsersToGroups
WARNING: OAM Software User is already a member of the group
Mar 15, 2012 1:52:39 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMWritePrivGroup
WARNING: Cannot create OAM Write Privilege Group as OAM User name is missing in the Config file
Mar 15, 2012 1:52:39 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMWritePrivGroup
WARNING: Cannot create OAM Write Privilege Group as Policy Store Search base is missing in the Config file
Mar 15, 2012 1:52:39 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMWritePrivGroup
WARNING: Cannot create OAM Write Privilege Group as Policy Store Host/Port details are missing in the Config file
Mar 15, 2012 1:52:39 PM OAMPreIntegrationHandler createOAMAdminGroup
FINER: ENTRY
Mar 15, 2012 1:52:39 PM OAMPreIntegrationHandler createOAMAdminGroup
FINE: Admin Group: adminGroup:OAMAdministrators
Mar 15, 2012 1:52:39 PM OAMPreIntegrationHandler createOAMAdminGroup
FINE: Admin Group: file:oid/oim_group_template.ldif
Mar 15, 2012 1:52:39 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMAdminGroup
WARNING: OIM Admin Group already exists in the directory
Mar 15, 2012 1:52:39 PM OAMPreIntegrationHandler createOAMAdminGroup
FINER: RETURN
Mar 15, 2012 1:52:39 PM OAMPreIntegrationHandler addUsertoOAMAdminGroup
FINER: ENTRY
Mar 15, 2012 1:52:39 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler addUsertoOAMAdminGroup
WARNING: Error in adding the OIM Admin User as member of OIM Admin Group
Mar 15, 2012 1:52:39 PM OAMPreIntegrationHandler addUsertoOAMAdminGroup
FINER: RETURN
Mar 15, 2012 1:52:39 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMConfigStoreContainer
WARNING: OAM Config Store container already exists in the Policy Store
Mar 15, 2012 1:52:39 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler addSchemaAdminPrivileges
WARNING: Schema Admin Privileges for OAM Software User already exist in the directory
Mar 15, 2012 1:52:39 PM oracle.idm.automation.AutomationTool dumpConfig
INFO: Configuration details have been dumped to the file idmDomainConfig.param
Hi Hasif
Thanks for answering my last question. I tried the same and some how getting the same errors and my OIM OAM integration is not working. Here is what i gave, can u please correct me if i am missing something in config_oam2.props.
HOST: fusion
WLSPORT: 7001
WLSADMIN: weblogic
WLSPASSWD: oracle123
IDSTORE_HOST: fusion
IDSTORE_PORT: 3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=localdomain
IDSTORE_SEARCHBASE: dc=localdomain
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=localdomain
IDSTORE_OAMSOFTWAREUSER: oamLDAP
IDSTORE_OAMADMINUSER: oamadmin
PRIMARY_OAM_SERVERS: fusion:5575
WEBGATE_TYPE: ohsWebgate10g
ACCESS_GATE_ID: Webgate_sso
OAM11G_IDM_DOMAIN_OHS_HOST:fusion
OAM11G_IDM_DOMAIN_OHS_PORT:7777
OAM11G_IDM_DOMAIN_OHS_PROTOCOL:http
OAM11G_WG_DENY_ON_NOT_PROTECTED: false
OAM_TRANSFER_MODE: simple
OAM11G_OAM_SERVER_TRANSFER_MODE:open
OAM11G_IDM_DOMAIN_LOGOUT_URLS:/oamsso/logout.html, /console/jsp/common/logout.jsp,/em/targetauth/emaslogout.jsp
OAM11G_OIM_WEBGATE_PASSWD: Oracle123
OAM11G_SERVER_LOGIN_ATTRIBUTE: uid
COOKIE_DOMAIN: .us.oracle.com
OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
OAM11G_SSO_ONLY_FLAG: true
OAM11G_OIM_INTEGRATION_REQ: true
OAM11G_IMPERSONATION_FLAG:true
OAM11G_SERVER_LBR_HOST:fusion
OAM11G_SERVER_LBR_PORT:7777
OAM11G_SERVER_LBR_PROTOCOL:http
COOKIE_EXPIRY_INTERVAL: 120
OAM11G_OIM_OHS_URL:http://fusion:7777/
Hi Venkat
Followed oracle Doc: E21032-01- 17.2 Integrating Oracle Identity Manager and Oracle Access Manager 11g, for OIM OAM Integration
Regards
Hasif
@Hasif
Hi Hasif,
Can u please tell us how u resolved OIM-OAM Integration? u said u did the integration again. Can u please post the steps?
Thanks,
Venkat
@Hasif
i am also stuck with that same error for the past 1 week.raised a sr with oracle, and they said its a bug with fusion apps..
please try to resolve from your end also..i ll also update if it gets resolved.
Regards
Muthu
@muthu
My previous error is resolved, it was a problem with privilage.
Dear muthu,
please let me know if you got any solution for “Provisioning/provisioning-build/domain-build.xml:1218: Could not load the ldif file: javax.naming.NoPermissionException: [LDAP: error code 50 – Insufficient Access Rights]; remaining name ‘cn=FUSION_APPS_PROV_PATCH_APPID,”
I’m also getting same error
@admin
Started the installation, but stopped with error, i’m installing 11.1.1.5,
please let me know if anyone come acorss this issue and got the solution.
—————————————
Webgate: register-policy-domain-execSecure-BUILD ERROR
Webgate: register-policy-domain-Synchronized -BUILD Error.
—————————————-
2012-03-13T18:15:03.143+05:30] [runProvisioning-install] [NOTIFICATION] [] [runProvisioning-install] [tid: 10] [ecid: 0000JOBuSwN0nnX5Pvx0id1FNnMq000001,0] [logStatus] STATE=BUILD_ERROR!TIMESTAMP=2012-03-13 18:15:03 IST!TARGET=install!CATEGORY=none!DOMAIN=NONE!HOSTNAME=coeerp9.wipro.com!PRODUCTFAMILY=orchestration!PRODUCT=orchestration!TASK=none!TASKID=orchestration.orchestration.NONE.install.NONE!MESSAGE=Cannot run the install phase: The following error occurred while executing this line: /sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/common-misc-build.xml:109: An Error Occured: The following error occurred while executing this line: /sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/orchestration-build.xml:2121: The following error occurred while executing this line: /sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/base-product-family-build.xml:81: The following error occurred while executing this line: /sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/fs-build.xml:316: The following error occurred while executing this line: /sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/fs-build.xml:1322: The following error occurred while executing this line: /sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/base-techstack-build.xml:73: The following error occurred while executing this line: /sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/webgate-build.xml:289: The following error occurred while executing this line: /sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/webgate-build.xml:455: The following error occurred while executing this line: /sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/webgate-build.xml:512: Process “/sdb4/software/FusionApps11g/FA111151_Linux64/jdk6/bin/java -jar /sdb1/oracle/fusion/webtier_mwhome/oracle_common/modules/oracle.oamprovider_11.1.1/oamcfgtool.jar mode=CREATE app_domain=provisioning oam_aaa_host=coeerp9.wipro.com oam_aaa_port=5575 uris_file=/sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-plan/bootstrap_oam.conf hostname_variations=fs.coeerp9.wipro.com:12601,fs-ext.coeerp9.wipro.com:12601 oam_admin_server=http://coeerp9.wipro.com:7001 oam_admin_username=oamadmin -usei18nlogin default_authn_scheme=FAAuthScheme oam_cache_header= logouturi=/oamsso/logout.html web_domain=OraFusionApp oam_aaa_mode=open log_level=ALL max_oam_connections=10 primary_oam_servers=wls_oam1:10 oam_ip_validation=0 oam_idle_session_timeout=900 oam_version=11 cookie_domain=coeerp9.wipro.com” exited with non-zero exit code “1”. Input Stream before decrypting for process execution: “+v+nK8QcWk73GHyQvbdYUA==+v+nK8QcWk73GHyQvbdYUA==”. Environment variables: “”.!DETAIL=!BUILDFILE=/sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/common-misc-build.xml!LINENUMBER=107!
[2012-03-13T18:15:03.171+05:30] [runProvisioning-install] [ERROR] [] [runProvisioning-install] [tid: 10] [ecid: 0000JOBuSwN0nnX5Pvx0id1FNnMq000001,0] FAPROV-01213
[2012-03-13T18:15:03.177+05:30] [runProvisioning-install] [ERROR] [] [runProvisioning-install] [tid: 10] [ecid: 0000JOBuSwN0nnX5Pvx0id1FNnMq000001,0] BUILD FAILED[[
/sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/orchestration-build.xml:295: The following error occurred while executing this line:
/sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/common-misc-build.xml:109: Cannot run the install phase: The following error occurred while executing this line:
/sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/common-misc-build.xml:109: An Error Occured: The following error occurred while executing this line:
/sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/orchestration-build.xml:2121: The following error occurred while executing this line:
/sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/base-product-family-build.xml:81: The following error occurred while executing this line:
/sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/fs-build.xml:316: The following error occurred while executing this line:
/sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/fs-build.xml:1322: The following error occurred while executing this line:
/sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/base-techstack-build.xml:73: The following error occurred while executing this line:
/sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/webgate-build.xml:289: The following error occurred while executing this line:
/sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/webgate-build.xml:455: The following error occurred while executing this line:
/sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-build/webgate-build.xml:512: Process “/sdb4/software/FusionApps11g/FA111151_Linux64/jdk6/bin/java -jar /sdb1/oracle/fusion/webtier_mwhome/oracle_common/modules/oracle.oamprovider_11.1.1/oamcfgtool.jar mode=CREATE app_domain=provisioning oam_aaa_host=coeerp9.wipro.com oam_aaa_port=5575 uris_file=/sdb1/oracle/FA_PROV_FRWK/FRWK_HM/provisioning/provisioning-plan/bootstrap_oam.conf hostname_variations=fs.coeerp9.wipro.com:12601,fs-ext.coeerp9.wipro.com:12601 oam_admin_server=http://coeerp9.wipro.com:7001 oam_admin_username=oamadmin -usei18nlogin default_authn_scheme=FAAuthScheme oam_cache_header= logouturi=/oamsso/logout.html web_domain=OraFusionApp oam_aaa_mode=open log_level=ALL max_oam_connections=10 primary_oam_servers=wls_oam1:10 oam_ip_validation=0 oam_idle_session_timeout=900 oam_version=11 cookie_domain=coeerp9.wipro.com” exited with non-zero exit code “1”. Input Stream before decrypting for process execution: “+v+nK8QcWk73GHyQvbdYUA==+v+nK8QcWk73GHyQvbdYUA==”. Environment variables: “”.
———————————————————-
Dear Tushar,
I’m able to overcome the errors after redoing OIM-OAM integration. all my pre-req are passed and started installation.
Regards
Hasif
@Hasif
Dear Hasif,
First error can be ignored. For second error you need to enable SSO only flag which it seems you did not set. For third error I recommend you redo OIM-OAM integration steps again to resove this.
for the other 2 OVD and OAM validation errors which I believe all of you will receive can be ignored since it is a known bug.
Again my personal advise, wait for a better version or start with 11.1.2
Dear all,
Please check the updated Release notes from Oracle for Fusion Applications 11.1.1.5 .1 (Metalink Note ID: 1360778.1)
Or download the release notes PDF directly from
https://support.oracle.com/CSP/main/article?cmd=show&type=ATT&id=1360778.1:RELEASE_NOTES
This note describes most of the errors you are facing with workaround.
My personal advise, wait for better version of fusion apps to avoid getting frustrated or start with Fusion applications 11.1.2 instead of 11.1.1.5.1. We will upload better step by step installation guide with more simpler details for 11.2 version soon. Instead of updating this guide we prefer let’s provide you guys a totally new guide with sequential steps till finishing part.
keep checking,
Tushar Thakker
For ORA Training
@admin
You are correct, the problem with mode, if we are using OPEN mode oracle suggesting to do below step to avoid this
1. If you already started provisioning but encountering this error, then exit the Provisioning Wizard by closing the window.
2. Start or restart the Provisioning Wizard.
If you are restarting, select Update an Existing Provisioning Plan in the Installation Options page, and select the provisioning plan that you used earlier.
3. Navigate through the Provisioning Wizard UI to the Access and OPSS Configuration page.
4. For OAM Security Mode
a. Select Simple.
b. Enter any text in the OAM Simple Model Passphrase field.
c. Click Save.
d.Switch the OAM Security Mode to Open.
e.Click Save again.
5.Continue with updating the provisioning plan through the Summary page in the Provisioning Wizard and exit.
6.Delete the entire Oracle Fusion Application Home (APPLICATIONS_BASE) directory that you entered in the provisioning plan.
7.Restart the Provisioning Wizard and start Provisioning an Application Environment again.
——————————–
Now i’m stuck with following error
Error 1 IDSTORE_HOST : invalid IDStore name
Error2 OAM11G_SSO_ONLY_FLAG – Validation error SSO Flag is currently disabled
Error3: OAM11G_OIM_INTEGRATION_REQ: Validation Error OIM is currently not integrated with OAM.
I tried to login with xelsysadm in /oim , but getting error Invalid User name or password.
Please suggest.
Regards
Hasif
@admin
Hi,
I totally stuck with the following for the past 1 week.please help..
[2012-03-08 18:49:54 IST] Common Domain: seed-admin-user-in-central-ldap seedAdmin – BUILD_ERROR : Could not load the ldif file: javax.naming.NoPermissionException: [LDAP: error code 50 – Insufficient Access Rights]; remaining name ‘cn=FUSION_APPS_PROV_PATCH_APPID,cn=AppIDUsers,cn=Users,dc=hclt.corp.hcl;dc=in’
followed all steps same as the blog..please help me to move further..
Regards
Muthu
@Hasif
@muthukumaran
oemPassPhrase error generally comes when we have mentioend any mode other than Open like “Simple” in the provisioning plan and not provided the passphrase. In open mode passphrase is not required.
You can update others on was it the same issue or anything else.
@prasad
my issue with oamPassphrase and is solved now,
now I’m stuck with OIM-OAM integration, I followed above document to Configure Identity and access components, please let me know the steps to complete for Integration.
Regards
Hasif
@muthukumaran
Please let me know how you are solved the issue ‘oamPassphrase’ is missing , I;m also getting same error.
Also I’m getting another error “OVD : Cannot perform OVD validations as Cannot retrieve OVD configuration”
Regards
Hasif
Hi,
I have fixed the OIM-OAM integration and validated it.
When i run preverify now i get below error.
2012-03-10 06:19:53.134 NOTIFICATION [logStatus] STATE=BUILD_ERROR!TIMESTAMP=2012-03-10 06:19:53 IST!TARGET=common-preverify-security!CATEGORY=BUILD_ERROR!DOMAIN=CommonDomain!HOSTNAME=ze42-s-newton!PRODUCTFAMILY=fs!PRODUCT=Functional-Setup!TASK=validateOim!TASKID=fs.Functional-Setup.BUILD_ERROR.common-preverify-security.validateOim!MESSAGE=List of failed Validation in OIM 1. OVD : Cannot perform OVD validations as Cannot bind to OVD with URL : 2. OAM_Validation : Cannot perform OAM Validation as null !DETAIL=List of failed Validation in OIM||1. OVD : Cannot perform OVD validations as Cannot bind to OVD with URL : ||2. OAM_Validation : Cannot perform OAM Validation as null||!BUILDFILE=/u04/fusion/provisioning/provisioning-build/common-preverify-build.xml!LINENUMBER=302!
2012-03-10 06:19:55.047 NOTIFICATION [logStatus] STATE=BUILD_ERROR!TIMESTAMP=2012-03-10 06:19:54 IST!TARGET=common-preverify-security!CATEGORY=BUILD_ERROR!DOMAIN=CommonDomain!HOSTNAME=ze42-s-newton.ind.zensar.com!PRODUCTFAMILY=fs!PRODUCT=Functional-Setup!TASK=validateOam!TASKID=fs.Functional-Setup.BUILD_ERROR.common-preverify-security.validateOam!MESSAGE=Error 1 : OAM11G_ACCESS_SERVER_HOST/OAM11G_ACCESS_SERVER_PORT : Invalid Access Server host/port values. !DETAIL=Error 1 : OAM11G_ACCESS_SERVER_HOST/OAM11G_ACCESS_SERVER_PORT : Invalid Access Server host/port values.|!BUILDFILE=/u04/fusion/provisioning/provisioning-build/common-preverify-build.xml!LINENUMBER=323!
Thanks for help
Prasad
Hi,
http://ze42-s-newton:7777/oim takes me to OAM page.
I am able to login. After this url takes me to identity manager where in after providing the credentials i get error invalid Sign in.
Do we need to run config_oam2.props using idmConfigTool.sh -configOAM input_file=config_oam2.props.
Also on different point in which section did you create the adapter.
Thanks for the help.
Prasad
@admin
Hi,
I manually took a export of that user and deleted the user cn=AppIDUsers.
Then proceeded with retry,
but even then i am stuck up with a new error shown below….
[2012-03-08 18:49:54 IST] Common Domain: seed-admin-user-in-central-ldap seedAdmin – BUILD_ERROR : Could not load the ldif file: javax.naming.NoPermissionException: [LDAP: error code 50 – Insufficient Access Rights]; remaining name ‘cn=FUSION_APPS_PROV_PATCH_APPID,cn=AppIDUsers,cn=Users,dc=hclt.corp.hcl;dc=in’
Please help.Waiting for your input to proceed further..
Regards
Muthu
@admin
Hi,
As per your advice , i was able to get through the step of pre req and installation also got thru successfully.
Now while pre config phase , we are getting the following error..
[2012-03-08 01:16:28 IST] Functional Setup: Seeding global Identities ldapAdd – BUILD_ERROR : Could not load the ldif file: Error Loading the LDIF File NamingException encountered during loading of record: dn: cn=AppIDUsers,cn=Users,dc=hclt.corp.hcl;dc=in cn: AppIDUsers objectclass: container [LDAP: error code 68 – Object already exists]
We are stuck here…please help.
Regards
Muthu
@prasad
Please provide the exact navigation path which you are using to check the integration so I will know at what point there is an issue. Provide each page URL which you are getting.
Hi Tushar,
OIM-OAM integration is not working. Not able to login using xelsysadm. When i try connect with weblogic it takes me to OIM dashboard were i need to retype the username and password.
I have checked the admin.conf and it not using cluster variable.
Thanks,
Prasad
@muthukumaran
@prasad
Please let us know whether you have manually validated OIM-OAM integration? Open http://fusion:7777/oim and it should redirect you to OAM login page. There you login with xelsysadm user. Once logged in it should redirect you back to OIM dashboard without asking for password again.
Make sure you have already added entries for OAM and OIM in admin.conf as per the previous post configuring Identity Management components under topic “Configuring Oracle HTTP Servers for Oracle Identity Manager and SOA”
Just verify that you have correct entries for single host not cluster since we are not using cluster here.
If you are able to manually validate OIM-OAM integration you can easily skip this validation since this is due to Oracle Bug 13528848: PREVERIFY FAILS INVALID ACCESS SERVER HOST/PORT VALUES
OVD also you can safely skip as long as you see it online in Admin console and you are able to connect to OVD as part of previous steps.
This is how the provisioning wizard calls the xml file.
1. orchestration-build.xml – this is the entry point of provisioning wizard including validation
2. It internally calls other functions which are included in secondary xml files like fs-build.xml, crm-build.xml etc
3. The targets specified in the fs-build.xml (for example security validation) are included in “preverify” section of common-preverify-build.xml
You can skip either entier section or only OIM validation etc from common-preverify-build.xml if you are 100% sure it is fine and you are only stuck because of the bug.
For experts only: You can decompile the jar files oracle-provisioning-anttasks.jar and idmsuitevalidationservice.jar in /app/fusion/provisioning/lib to understand how it internally validates. It first calls oracle-provisioning-anttasks.validateoimtask and internally it calls idmsuitevalidationservice to validate sub-components. There is some bug in this calls where it throws the above errors. Oracle will soon revert and fix these bugs.
Regards,
Tushar
ORA Training
@admin
Hi,
I have a workaround for solving the error, but not sure wheather it will work out..
“Need to add 2 more parameters in the oam.props file and the nrun the idmtool.sh script and then upload the fresh param file for creating the plan and then proceed the same way..””
Can we proceed with this method?? please advice..
Also please let us know if we need the node manager up and running..??if it is up and running, i get the port conflict for 5556 port in the same pre req check …
Please advice on the above query too…
Regards
Muthu
@admin
Hi,
We are waiting for your update very badly..
Its high time to complete the installation.please help..
Regards
muthu
012-03-05 23:36:27.480 NOTIFICATION [logStatus] STATE=BUILD_ERROR!TIMESTAMP=2012-03-05 23:36:27 IST!TARGET=common-preverify-security!CATEGORY=BUILD_ERROR!DOMAIN=CommonDomain!HOSTNAME=ze42-s-newton.ind..com!PRODUCTFAMILY=fs!PRODUCT=Functional-Setup!TASK=validateOam!TASKID=fs.Functional-Setup.BUILD_ERROR.common-preverify-security.validateOam!MESSAGE=Error 1 : IDSTORE_HOST : Invalid IDStore host name. Error 2 : OAM11G_SSO_ONLY_FLAG : Validation error.SSO flag is currently disabled. Error 3 : OAM11G_OAM_ADMIN_USER_PASSWD : Validation error. OAM Admin user/password not matching with the user credentials configured Error 4 : OAM11G_OIM_INTEGRATION_REQ : Validation error. OIM is currently not integrated with OAM. Error 5 : OAM11G_ACCESS_SERVER_HOST/OAM11G_ACCESS_SERVER_PORT : Invalid Access Server host/port values. !DETAIL=Error 1 : IDSTORE_HOST : Invalid IDStore host name.|Error 2 : OAM11G_SSO_ONLY_FLAG : Validation error.SSO flag is currently disabled.|Error 3 : OAM11G_OAM_ADMIN_USER_PASSWD : Validation error. OAM Admin user/password not matching with the user credentials configured|Error 4 : OAM11G_OIM_INTEGRATION_REQ : Validation error. OIM is currently not integrated with OAM.|Error 5 : OAM11G_ACCESS_SERVER_HOST/OAM11G_ACCESS_SERVER_PORT : Invalid Access Server host/port values.|!BUILDFILE=/u04/fusion/provisioning/provisioning-build/common-preverify-build.xml!LINENUMBER=323!
2012-03-05 23:37:35.925 NOTIFICATION [logStatus] STATE=BUILD_ERROR!TIMESTAMP=2012-03-05 23:37:35 IST!TARGET=preverify!CATEGORY=BUILD_ERROR!DOMAIN=NONE!HOSTNAME=ze42-s-newton.ind.zensar.com!PRODUCTFAMILY=orchestration!PRODUCT=orchestration!TASK=validationStatus!TASKID=orchestration.orchestration.BUILD_ERROR.preverify.validationStatus!MESSAGE=Total number of preverify validation errors: 4!DETAIL=Total number of preverify validation errors: 4!BUILDFILE=/u04/fusion/provisioning/provisioning-build/orchestration-build.xml!LINENUMBER=112!
I am getting above error. In which stage did you configure Oracle Access Manager for Oracle Identity Manager Integration
Hi,
Now i have ended up with 2 errors on the whole..Below are the errors..
Err 1. OVD : Cannot perform OVD validations as Cannot retrieve OVD configuration
Err 2. OAM_Validation : Cannot perform OAM Validation as null
Error 1 : IDSTORE_HOST : Invalid IDStore host name.
Error 2 : OAM11G_SSO_ONLY_FLAG : Validation error.SSO flag is currently disabled.
Error 3 : OAM11G_OIM_INTEGRATION_REQ : Validation error. OIM is currently not integrated with OAM.
please help us in resolving this…
regards
muthu
@admin
hi,
We are facing the same error as prasad, when i give the admin username as weblogic.All services are up and running.
Please help us in solving this ..
@prasad: please let us know if , had solved this error..We are also desperate to finish it..
regards
muthu
@prasad
Just make sure you are using correct version of the post. Try deleting cache and refresh the page with F5. Also 7777 should work provided you have set the aliasing correctly. Otherwise you can also use 14000 for endpoint for validation. We have verified that and it does pass the validation including Mbean.
Regards,
Tushar
2012-03-05 10:01:37.322 NOTIFICATION [logStatus] STATE=BUILD_ERROR!TIMESTAMP=2012-03-05 10:01:37 IST!TARGET=common-preverify-security!CATEGORY=BUILD_ERROR!DOMAIN=CommonDomain!HOSTNAME=ze42-s-newton.ind.zensar.com!PRODUCTFAMILY=fs!PRODUCT=Functional-Setup!TASK=validateOim!TASKID=fs.Functional-Setup.BUILD_ERROR.common-preverify-security.validateOim!MESSAGE=List of failed Validation in OIM 1. Cannot make non-ssl connection to OIM server : http://ze42-s-newton:7777 , 2. MBean required for FA not found. Please check OIM_T3_URL has OIM managed server host and port : APPIDSeedingMBean 3. MBean required for FA not found. Please check OIM_T3_URL has OIM managed server host and port : NotificationPolicyConfigMBean 4. Cannot find OIM Validation Mbean for validation purposes.Please ensure OIM server is up and running. !DETAIL=List of failed Validation in OIM||1. Cannot make non-ssl connection to OIM server : http://ze42-s-newton:7777 , ||2. MBean required for FA not found. Please check OIM_T3_URL has OIM managed server host and port : APPIDSeedingMBean||3. MBean required for FA not found. Please check OIM_T3_URL has OIM managed server host and port : NotificationPolicyConfigMBean||4. Cannot find OIM Validation Mbean for validation purposes.Please ensure OIM server is up and running.||!BUILDFILE=/u04/fusion/provisioning/provisioning-build/common-preverify-build.xml!LINENUMBER=302!
2012-03-05 10:01:39.102 NOTIFICATION [logStatus] STATE=BUILD_ERROR!TIMESTAMP=2012-03-05 10:01:39 IST!TARGET=common-preverify-security!CATEGORY=BUILD_ERROR!DOMAIN=CommonDomain!HOSTNAME=ze42-s-newton.ind.zensar.com!PRODUCTFAMILY=fs!PRODUCT=Functional-Setup!TASK=validateOam!TASKID=fs.Functional-Setup.BUILD_ERROR.common-preverify-security.validateOam!MESSAGE=Error 1 : IDSTORE_HOST : Invalid IDStore host name. Error 2 : OAM11G_SSO_ONLY_FLAG : Validation error.SSO flag is currently disabled. Error 3 : OAM11G_OAM_ADMIN_USER_PASSWD : Validation error. OAM Admin user/password not matching with the user credentials configured Error 4 : OAM11G_OIM_INTEGRATION_REQ : Validation error. OIM is currently not integrated with OAM. Error 5 : OAM11G_ACCESS_SERVER_HOST/OAM11G_ACCESS_SERVER_PORT : Invalid Access Server host/port values. !DETAIL=Error 1 : IDSTORE_HOST : Invalid IDStore host name.|Error 2 : OAM11G_SSO_ONLY_FLAG : Validation error.SSO flag is currently disabled.|Error 3 : OAM11G_OAM_ADMIN_USER_PASSWD : Validation error. OAM Admin user/password not matching with the user credentials configured|Error 4 : OAM11G_OIM_INTEGRATION_REQ : Validation error. OIM is currently not integrated with OAM.|Error 5 :
@prasad
Please use weblogic/ instead of xelsysadm and it will work fine. Make sure all components are up (Admin, OAM, OIM and SOA) while running pre-req check. If you want to just validate you can keep one component at a time (OAM for example) and test and once checked each individually you can skip OIM/OAM test from pre-build xml file. I am travelling right now. Will update post with workarounds soon.
Regards,
Tushar
@muthukumaran instead of xelsysadm and it will work fine. Make sure all components are up (Admin, OAM, OIM and SOA) while running pre-req check. If you want to just validate you can keep one component at a time (OAM for example) and test and once checked each individually you can skip OIM/OAM test from pre-build xml file. I am travelling right now. Will update post with workarounds soon.
Please use weblogic/
Regards,
Tushar
@admin
Hi,
We have an additional error now
“The OIM domain user ‘xelsysadm’ should not be used to seed provisioning data”.
Please help us in resolving this error.
regards
muthu
Hi,
I am getting below error during the pre verify phase.
!PRODUCT=Functional-Setup!TASK=validateOim!TASKID=fs.Functional-Setup.BUILD_ERROR.common-preverify-security.validateOim!MESSAGE=The OIM domain user ‘xelsysadm’ should not be used to seed provisioning data.!DETAIL=The OIM domain user ‘xelsysadm’ should not be used to seed provisioning data.!BUILDFILE=/u04/fusion/provisioning/provisioning-build/common-preverify-build.xml!LINENUMBER=302!
@admin
Hi ,
The oampassphrase missing error is rectified and now i am facing a new error .
Error 1 : OAM WLS Domain details : Error while connecting to admin server in IDM domain. Validation cannot be done. Please verify admin host, port, username, password values.[[
List of failed Validation in OIM
1. Cannot make non-ssl connection to OIM server : http://fus01ovm3.hclt.corp.hcl.in:7777 ,
2. Failed to connect to the OIM T3 URL.
3. Error while connecting to admin server in IDM domain. Validation cannot be done. Please verify admin host, port, username, password values.
Error3 .Could not validate the following mbeans on fus01ovm3.hclt.corp.hcl.in:14000 : [oracle.iam:type=IAMAppRuntimeMBean,name=RoleCategorySeedMBean,Application=oim,ApplicationVersion=11.1.1.3.0, oracle.iam:type=IAMAppRuntimeMBean,name=APPIDSeedingMBean,Application=oim,ApplicationVersion=11.1.1.3.0, oracle.iam:type=IAMAppRuntimeMBean,name=NotificationPolicyConfigMBean,Application=oim,ApplicationVersion=11.1.1.3.0, oracle.iam:type=IAMAppRuntimeMBean,name=MLSLanguageSeedingMBean,Application=oim,ApplicationVersion=11.1.1.3.0]!
Also please advice if , Nodemanager has to be up and running in 5556.If its up and running i am getting a port conflict.
Please advice..
regards
muthu
@admin
Hi,
We now changed the port value also to 7050 as given in the post, and also changed the oim admin port to 14000 as per this post.
I am still facing the problem of “missing oamPassPhrase”.
regards
muthu
@muthukumaran
Please note that your OIM is running on 14000 port. You should be able to telnet on 14000 port and same has to be configured in the provisioning plan. Please check this post for the correct value.
@admin
Hi,
While creating the provisioning plan , we had some port conflicts when we gave the same port number as given in the blog , so we just changed the port value to 7050 and proceeded.
Also now, when we gave the super user as “weblogic_fa” , it is throwing the following error.
/d01/fusion/provisioning/provisioning-build/common-preverify-build.xml:323: The required attribute ‘oamPassphrase’ is missing
And also ,
2012-03-01T16:29:26.699+05:30] [runProvisioning-preverify] [ERROR] [] [runProvisioning-preverify] [tid: 12] [ecid: 0000JNDuEn29xWcLli0FyZ1FJpOp000003,0] List of failed Validation in OIM[[
1. Cannot make non-ssl connection to OIM server : http://fus01ovm3.hclt.corp.hcl.in:7777 ,
2. Failed to connect to the OIM T3 URL.
3. Error while connecting to admin server in IDM domain. Validation cannot be done. Please verify admin host, port, username, password values.
Can you please help us on resolving this..
regards
muthu
@muthukumaran
My bad. We had fixed the Super user name while installing but missed to update here. Now the screenshots are updated. Please use “weblogic_fa” as super user name instead of “cn=orcladmin” which was by mistake. You can change it by “Update existing provisioning plan” or review plan screens during Provisioning.
Please let us know if the installation goes through or not. Please note that there could be a few things which we did during installation and might not have been updated here since it was first ever fustion installation and done very quickly. We will keep updating the posts. Thanks for your input.
Thanks
ORA Training Admin
@admin
Hi,
Many Thanks for your immediate support.
We are waiting for your update very eagerly.
regards
muthu
Dear @muthukumaran
I would like to connect to your setup through teamviewer or something to resolve the issue but please allow me some time. We have a lot of activities going on right now along with preparing Windows Host based installation of Fusion application (for all who are not aware yet, Fusion Apps for Windows 64bit is released). I would quickly come back to you.
Hi,
We have followed exactly the same procedure, except the domain name..
We have given the Domain name as dc=hclt.corp.hcl;dc=in. The only change we did was , we gave the above entry for dc instead dc=localdomain. ..
So is this causing this issue??? Please help us, we are desperate to complete the installation..
regards
muthu
hi
i have successfully created the provisioning plan by following this blog.
When i try to execute the plan am getting the following error in pre req check.
[2012-02-29 01:45:16 IST] Functional Setup: common-preverify-security getFullDN – BUILD_ERROR : Cannot find Distinguished Name for name cn=orcladmin
It would be a great timely help, if you could help us resolving this issue..
regards
muthu
@Anil
Glad we could help you. Please bear with us while we update all other fusion related posts. We are taking new screenshots and putting notes together.
@Krishna
Can you please let us know what was the disk size you had selected while creating the VM. I have suggested 300 or 350 GB. This can accommodate HCM as I mentioned in this post. Financials will not be feasible in this size.
Thanks Ora Training people for such a fantastic blog. We have manged to finish the installation till now. Currently proceeding with final part of installing HRMS as per your advise.
after creating the privisioning plan, when we tried provisioning the application environment, it failed saying it requires 100GB for finance and hcm install and 60gb only for hcm. can you please advice how to get rid of this warning/error.
@admin
@Admin,
yes, we were able to finish till the ‘create the provisioning plan’ step. But this started failing in the final provisioning step.
It would be good to know if you guys are able to complete the provisioning step using the single host topology.
Thanks!
Krishna
@Krishna
Were you able to finish till creating the provisioning plan or the services were not coming up before this itself?
With the above steps and by allocating the same memory and disk space you should have no issues reaching this point. Do let us know so that we can advise accordingly.
– ORA Training blog admin
Hi!
We faced severe performance issues during the final provisioning step and had to abandon the single-host topology. The admin/managed servers just used to not come up.
Curious to know if your experience was any different and you were able to pull it off on a single VM.
Thanks!
Krishna