How can I troubleshoot my Oracle9iAS setup?
The following is a guide to diagnosing Single Sign-On, OHS, Web Cache and OiD dependency issues with Oracle9iAS Portal 9.0.X.
Due to the interdependency of Oracle9iAS Portal with the Oracle9iAS Single Sign-On Server, the Oracle HTTP Server, the Oracle9iAS Web Cache and the Oracle Internet Directory (OiD) in Oracle9i Application Server Release 2 (9.0.2), it is sometimes difficult to identify where a problem lies.
This document describes some quick tests that you can perform to check that these products are functioning properly, since a wrong configuration or a malfunction in any of them might affect Oracle9iAS Portal functionality.
Troubleshooting Oracle Portal 9.0.X
===================================
Portal issues related to other Oracle products like Oracle HTTP Server (OHS), Oracle9iAS Web Cache, Oracle9iAS Single Sign-On Server or Oracle Internet Directory (OiD) are most likely to occur in the following components of each instance:
From the Infrastructure instance:
- Oracle9iAS HTTP Server.
- Oracle9iAS Single Sign-On Server.
- Oracle Internet Directory (OiD).
From the Portal Mid-Tier instance:
- Oracle9iAS HTTP Server.
- Oracle9iAS Web Cache.
Checking dependent products are up and running:
----------------------------------------------
1. Checking the Oracle HTTP Server is Up.
- Go to the ORACLE_HOME/Apache/Apache/conf directory for the instance you need to check (Portal Mid-Tier or Infrastructure instance).
- Search for the Listen Port entry at the end of the httpd.conf file (there might be two Listen entries, look for the last one).
  The default port is: Listen 7777
  If the Mid-Tier is installed on the same machine as the Infrastructure then the default ports are:
    Infrastructure: Listen 7777
    Mid-Tier: Listen 7779
- In the same httpd.conf file search for the ServerName entry at the end of the file.
- Enter the following URL to verify that the OHS is up and running:
    http://<servername>:<Listen-port>/
  where:
    <servername> - Is the machine where the HTTP Server is located (ServerName entry in httpd.conf file).
    <Listen-port> - Is the Listen port number of the Oracle HTTP Server (Listen entry in the httpd.conf file).
If you cannot access this page verify that the Oracle HTTP Server is up and running. You can do this with Oracle Enterprise Manager or with the following command:
    $ dcmctl getstate -v
Output from this command should look like this:
      Component      Type    Up Status    In Sync Status
    ================================================================
    1 HTTP Server    ohs     Up           True
2. Checking the Oracle Web Cache is Up.
- Go to the ORACLE_HOME/Apache/Apache/conf directory for the Portal Mid-Tier instance.
- Search for the Port entry at the end of the httpd.conf file.
  Default port is: Port 7778
- In the same httpd.conf file search for the ServerName entry at the end of the file.
- Go to the ORACLE_HOME/webcache directory for the Portal Mid-Tier instance.
- Search for the ADMINISTRATION string in the webcache.xml file.
  The line should look like this:
    <LISTEN IPADDR="ANY" PORT="4000" PRTYPE="ADMINISTRATION"/>
  This line will show you the administration port for webcache.
  Default port is: 4000
  If the Mid-Tier is installed on the same machine as the Infrastructure then the default port is: 4003
- Test the following URLs to verify that the Oracle Web Cache is up and running:
    http://<servername>:<webcache-Port>/
    --> This URL should take you to the OHS Home Page.
    http://<servername>:<webcache-Admin-Port>/
    --> This URL should take you to the Webcache Admin Page.
  You should be able to log in to the "Web Cache Manager" as:
    userid: administrator (default password is administrator).
  where:
    <servername> - Is the machine where the HTTP Server is located (ServerName entry in httpd.conf file for the Portal Mid-Tier instance).
    <webcache-Port> - Is the port number of the Oracle HTTP Server (Port entry in httpd.conf file for the Portal Mid-Tier instance).
    <webcache-Admin-Port> - Is the Administration Port number for webcache (Port entry for "ADMINISTRATION" in webcache.xml file for the Portal Mid-Tier instance).
If you cannot access any of these pages or you cannot log in as the administrator user to the "Web Cache Manager" then verify that the Oracle Web Cache for the Portal Mid-Tier instance is up and running. You can verify this with Oracle Enterprise Manager or with the following command:
    $ webcachectl status
Output from this command should look like this:
    Web Cache admin server is running as process XXXX.
    ...
    Web Cache cache server is running as process YYYY.
3. Checking the Oracle9iAS Single Sign-On Server is Up.
- Go to the ORACLE_HOME where the Single Sign-On Server is installed (by default SSO is installed in the Infrastructure instance).
- Search for the Listen Port entry at the end of the httpd.conf file under the $ORACLE_HOME/Apache/Apache/conf directory.
  Default port is: Port 7777
- In the same httpd.conf file search for the ServerName entry at the end of the file.
- Search for the Login Server instance DAD in the dads.conf file under the $ORACLE_HOME/Apache/modplsql/conf directory. Take note of the DAD name under the "Location" tag.
  Default is: <Location /pls/orasso>
- Enter the following URL to verify that the Single Sign-On Server is up and running:
    http://<servername>:<Listen-Port>/pls/<Single_Sign-On_DAD>
    --> This URL should take you to the Single Sign-On Administration Page.
  You should be able to log in to this page as:
    userid: orcladmin (default password is the same as ias_admin user).
  where:
    <servername> - Is the machine where the Single Sign-On Server is installed (ServerName entry in httpd.conf file).
    <Listen-port> - Is the Listen port number of the Oracle HTTP Server where the Single Sign-On Server is installed (Listen entry in the httpd.conf file).
    <Single_Sign-On_DAD> - Is the database access descriptor for the Single Sign-On schema. Default is: orasso
If you cannot access this page and the OHS for the Infrastructure instance is up then you need to verify the DAD information in the dads.conf file. Pay special attention to the following information:
    i) Database Username.
    ii) Database Password (this might be encrypted).
    iii) Database Connect String.
An easy way to verify the DAD status is to use Oracle Enterprise Manager. You can also update DAD information using Oracle Enterprise Manager. It is important that you are able to get to this page and log in as the orcladmin user before attempting to log in to Portal.
4. Checking Oracle Internet Directory (OiD) is Up.
- Go to the ORACLE_HOME where the Oracle Internet Directory is installed (by default OID is installed in the Infrastructure instance).
- Execute the following command to verify that the OID processes are up and running:
    $ORACLE_HOME/ldap/bin/ldapcheck
  You should see something like this:
    Checking Oracle Internet Directory Processes ...
    Process oidmon is Alive as PID XXXX
    Process oidldapd is Alive as PID YYYY
    Process oidldapd is Alive as PID ZZZZ
    Not Running ---- Process oidrepld    <- This process should be running only if OID Replication was set up.
5. Checking Oracle Internet Directory (OiD) Delegated Administration Service (oiddas) is Up.
- Go to the ORACLE_HOME where the Oracle Internet Directory is installed (by default OID is installed in the Infrastructure instance).
- Search for the Listen Port entry at the end of the httpd.conf file under the $ORACLE_HOME/Apache/Apache/conf directory.
  Default port is: Port 7777
- In the same httpd.conf file search for the ServerName entry at the end of the file.
- Enter the following URL to verify that the Oracle Internet Directory Delegated Administration Service (oiddas) is up and running:
    http://<servername>:<Listen-Port>/oiddas
  where:
    <servername> - Is the machine where the Oracle Internet Directory (OID) is installed (ServerName entry in httpd.conf file).
    <Listen-port> - Is the Listen port number of the Oracle HTTP Server where OID is installed (Listen entry in the httpd.conf file).
If you cannot access this page and the OHS is up then you need to be sure that the OID is up (see step 4 of this note).
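The lookups in steps 1 to 5 can be scripted so that the URLs to test are built from what the configuration files actually contain rather than from the default ports. This is an added example, not part of the original note; the function names are hypothetical helpers, and the sample files and the host portal.example.com are constructed.

```shell
#!/bin/sh
# Added example, not from the original note: build the check URLs of steps
# 1-5 from the config files. Function names here are hypothetical helpers.
# Value of the last uncommented "NAME value" line in an Apache-style file.
last_directive() {
    awk -v name="$2" '$1 == name { v = $2 } END { if (v != "") print v }' "$1"
}
# Listen may be "7777" or "addr:7777"; keep only the port.
listen_port() { last_directive "$1" Listen | sed 's/.*://'; }
# PORT attribute of the LISTEN element whose PRTYPE is ADMINISTRATION.
webcache_admin_port() {
    sed -n '/PRTYPE="ADMINISTRATION"/s/.*PORT="\([0-9]*\)".*/\1/p' "$1" | head -n 1
}
# DAD paths declared as <Location /pls/...> in dads.conf.
dad_locations() {
    sed -n 's|^[[:space:]]*<Location[[:space:]]*\(/pls/[^>[:space:]]*\)>.*|\1|p' "$1"
}
infra_urls() {      # $1 = Infrastructure httpd.conf, $2 = dads.conf
    base="http://$(last_directive "$1" ServerName):$(listen_port "$1")"
    echo "${base}/"
    for dad in $(dad_locations "$2"); do echo "${base}${dad}"; done
    echo "${base}/oiddas"
}
midtier_urls() {    # $1 = Mid-Tier httpd.conf, $2 = webcache.xml
    host=$(last_directive "$1" ServerName)
    echo "http://${host}:$(listen_port "$1")/"
    echo "http://${host}:$(last_directive "$1" Port)/"
    echo "http://${host}:$(webcache_admin_port "$2")/"
}

# Constructed sample files (hypothetical host portal.example.com).
SAMPLE=$(mktemp -d); trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/infra_httpd.conf" <<'EOF'
#Listen 80
Listen 7776
ServerName portal.example.com
Listen 7777
EOF
cat > "$SAMPLE/dads.conf" <<'EOF'
<Location /pls/orasso>
  SetHandler pls_handler
</Location>
EOF
cat > "$SAMPLE/mid_httpd.conf" <<'EOF'
Port 7778
Listen 7779
ServerName portal.example.com
EOF
cat > "$SAMPLE/webcache.xml" <<'EOF'
<LISTEN IPADDR="ANY" PORT="4001" PRTYPE="INVALIDATION"/>
<LISTEN IPADDR="ANY" PORT="4003" PRTYPE="ADMINISTRATION"/>
EOF
infra_urls "$SAMPLE/infra_httpd.conf" "$SAMPLE/dads.conf"
midtier_urls "$SAMPLE/mid_httpd.conf" "$SAMPLE/webcache.xml"
```

On a real installation, pass the httpd.conf, dads.conf and webcache.xml paths from the Infrastructure and Portal Mid-Tier ORACLE_HOME directories in place of the sample files.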
*************
If you have any issues with the previous tests or with starting services for the Oracle HTTP Server, the Oracle9iAS Web Cache, the Oracle9iAS Single Sign-On Server or the Oracle Internet Directory (OiD), then you need to search for specific information on the errors you have under that specific product, since these issues are not Portal specific. There are some good notes that you can use to verify the correct setup of these products. See the "Related Documents" section at the end of this document.
*************
The next check is Portal specific.
6. Checking the OC4J_Portal instance is Up.
- Go to the ORACLE_HOME for your Portal Mid-Tier instance.
- Execute the following command to verify that the OC4J_Portal process exists and is running:
    $ dcmctl getstate -v
  Output from this command should look like this:
      Component      Type    Up Status    In Sync Status
    ================================================================
    4 OC4J_Portal    oc4j    Up           True
If you don't see the OC4J_Portal entry then your Portal installation might be wrong.
If the entry for OC4J_Portal exists and its status is Down then you need to start the process. You can do this with Oracle Enterprise Manager or with the following command:
    $ dcmctl start -cl
Additional checks for Oracle9iAS Portal with Oracle9iAS Single Sign-On Server:
----------------------------------------------------------
Starting with Oracle9i Application Server Release 2, Oracle9iAS Single Sign-On is considered a product independent from Oracle9iAS Portal, and as such, you should verify the functionality of this product in order for Oracle9iAS Portal to authenticate users.
Oracle9iAS Portal is a partner application to the Oracle9iAS Single Sign-On Server. When Oracle9iAS Portal is installed it is associated with the Oracle9iAS Single Sign-On Server for authentication services.
Users first gain access to the Single Sign-On server by entering the URL of Oracle9iAS Portal:
    http://<servername>:<port>/pls/<portal_DAD>
  where:
    <servername> - Is the machine where the Portal Mid-Tier is located (ServerName entry in httpd.conf file for the Portal Mid-Tier instance).
    <Port> - Is the port number of the Oracle HTTP Server for the Portal Mid-Tier instance (Port entry in httpd.conf file). Default is 7778.
    <portal_DAD> - Is the database access descriptor for the portal schema. (You should have an entry for this DAD in the dads.conf file for the Portal Mid-Tier instance). The default DAD is portal.
Entering this URL invokes the Single Sign-On login screen. Once they have entered the correct user name and password, users can gain access to other partner applications and to external applications without having to provide credentials again.
If you get access to the Portal Home Page but you cannot log in, then you need to verify that the Oracle9iAS Single Sign-On Server is working properly (see step 3 of this note).
Below are some checks that you can perform to verify Oracle9iAS Single Sign-On functionality:
a) Navigate to the administrative home page for Single Sign-On by typing the following URL:
    http://<servername>:<Listen-port>/pls/<Single_Sign-On_DAD>
  where:
    <servername> - Is the machine where the Single Sign-On server is located. By default SSO is installed in the Infrastructure. (ServerName entry in httpd.conf file).
    <Listen-port> - Is the Listen port number of the Oracle HTTP Server where the Single Sign-On Server is installed (Listen entry in the httpd.conf file - Infrastructure by default). Default port is 7777.
    <Single_Sign-On_DAD> - Is the database access descriptor for the Single Sign-On schema (You should have an entry for this DAD in the dads.conf file where the Single Sign-On Server is installed - Infrastructure by default). The default DAD is orasso.
  You should be able to get to this page if the Oracle9iAS Single Sign-On Server is up and running.
  If you cannot access this page then you need to correct this issue before attempting to connect to Oracle Portal.
b) If you get access to the administrative home page for Single Sign-On, try connecting as the orcladmin user. Default password is the same as ias_admin user.
  If you cannot log in then you need to correct this issue before attempting to connect to Oracle Portal.
c) If you get access to the administrative home page for Single Sign-On and you were able to connect as the orcladmin user, then try to connect as the portal user. Default password is the same as ias_admin user.
  If you can log in as the portal user from this page but you cannot log in from the Oracle Portal Home Page, then you need to verify the existence of an Oracle9iAS Portal Partner application in the Oracle9iAS Single Sign-On Server and that the information for the partner application is correct.
  If you cannot log in as the portal user from this page then you need to perform additional checks with Oracle Internet Directory (OiD). See later in this document for more information.
Additional checks for Oracle Internet Directory (OiD):
------------------------------------------------------
In Oracle9iAS Release 2, Single Sign-On authentication is directory based. This means that user names and passwords are managed in Oracle Internet Directory.
So if you have any issues logging in from the administrative home page for Single Sign-On, the next check is to test whether the user exists in OiD.
To verify this you can perform the following tests:
a) Verify that the portal user and password are recognized in OiD.
- Go to the ORACLE_HOME where the Oracle Internet Directory is installed (by default OID is installed in the Infrastructure instance).
- Search for the PORT_NUMBER entry in the das.properties file under the $ORACLE_HOME/ldap/das directory. Default port is: Port 4032
- Execute the following command to verify that the portal user exists in OiD and the password is correct:
    ldapbind -p <oid_port> -D cn=<portal_user>,cn=users,dc=us,dc=oracle,dc=com -w <portal_user_password>
  The output from this command should look like this:
    --> bind successful
  If the userid does not exist in OiD or the password is incorrect you will get the following error:
    --> ldap_bind: Invalid Credentials
  where:
    <oid_port> - Is the OID Port. Default port is: 4032
    <portal_user> - Is the portal user you want to verify. Default portal user is: portal
    <portal_user_password> - Is the password for the portal user. Default password for the portal user is the same password as the ias_admin user.
  If you get the "bind successful" message, this means that the portal user exists in OiD and that the password for that user is correct.
  In this case, if you cannot log in from the administrative home page for Single Sign-On then you need to search for specific errors with the Oracle9iAS Single Sign-On Server, since this is not an OiD or Portal specific issue.
  If you get the "ldap_bind: Invalid Credentials" message, continue with the next check.
b) Verify that the portal user exists in OiD.
  You will need to do this check if you get the "Invalid Credentials" message in the previous step.
  To verify that the portal user exists in OiD do the following:
- Go to the ORACLE_HOME where the Oracle Internet Directory is installed (by default OID is installed in the Infrastructure instance).
- Execute the following command:
    $ORACLE_HOME/bin/oidadmin
- Connect as the orcladmin user. Default password is the same as ias_admin user.
- Navigate to the following entry:
    + Oracle Internet Directory Servers
    + cn=orcladmin@<oid_hostname>:<oid_port>
    + Entry Management
    + dc=com
    ... drill down until you see the following ...
    + cn=Users
    --> You should see an entry for the portal user here.
  If you don't see an entry for the portal user then the Oracle9iAS Portal installation might be wrong.
  If you see an entry for the portal user then the user password might be wrong. If that is the case you can reset the portal password here.
Checking the Oracle9iAS Portal Partner application in the Oracle9iAS Single Sign-On Server:
---------------------------------------------------------------
To verify that the Oracle9iAS Portal partner application is correct do the following:
- Navigate to the administrative home page for Single Sign-On by typing the following URL:
    http://<servername>:<Listen-port>/pls/<Single_Sign-On_DAD>
- Log in as the orcladmin user.
- Click on SSO Server Administration.
- Click on Administer Partner Applications.
- Look for an entry "Oracle Portal (portal)".
  The schema might be different depending on your portal schema name.
- Click on Edit.
- Verify that the information there is correct.
  Some fields to look at are:
    Home URL: http://<servername>:<port>/pls/<portal-DAD>/portal.home
    Success URL: http://<servername>:<port>/pls/<portal-DAD>/portal.wwsec_app_priv.process_signon
    Logout URL: http://<servername>:<port>/pls/<portal-DAD>/portal.wwsec_app_priv.logout
  where:
    <servername> - Is the machine where the Portal Mid-Tier is located (ServerName entry in httpd.conf file for the Portal Mid-Tier instance).
    <Port> - Is the port number of the Oracle HTTP Server for the Portal Mid-Tier instance (Port entry in httpd.conf file). Default is 7778.
      If using Web Cache with Portal see the following document:
      --> Oracle9iAS Single Sign-On Release Notes Release 2 (9.0.2)
      Look at the following section:
      --> Bug: Enabling Oracle9iAS Web Cache
    <portal_DAD> - Is the database access descriptor for the portal schema. (You should have an entry for this DAD in the dads.conf file for the Portal Mid-Tier instance). The default DAD is portal.
If the information for the partner application is incorrect then the Oracle9iAS Portal installation might be wrong.
If you performed a manual install you should verify that the wiring of Portal with the OiD and Login Server was correct. This means verifying that you provided the correct information.