Tuesday, May 7, 2019

nmEnroll/nmConnect commands fails on windows server- Weblogic 12.2.1

nmEnroll and nmConnect  command fails on windows server - Weblogic 12.2.1


The enroll of a domain with node manager and connecting to a node manager was failing in windows server for Weblogic 12.2.1

Steps followed to Enroll the domain:


Execute the following commands in command prompt

C:\Albin\SW\Weblogic\oracle\wlserver\common\bin\wlst.cmd

connect('weblogic','Albin123!','t3://localhost:7001')

nmEnroll('C:\Albin\SW\Weblogic\oracle\user_projects\domains\base_domain','C:\Albin\SW\Weblogic\oracle\user_projects\domains\base_domain\nodemanager')

nmConnect('weblogic', 'Albin123!', 'localhost', '5556', 'base_domain' ,'C:\Albin\SW\Weblogic\oracle\user_projects\domains\base_domain','ssl')

Error:


wls:/base_domain/serverConfig/> nmEnroll('C:\Albin\SW\Weblogic\oracle\user_projects\domains\base_domain','C:\Albin\SW\Weblogic\oracle\user_projects\domains\base_domain\nodemanager')
Enrolling this machine with the domain directory at C:\Albin\SW\Weblogic\oracle\user_projects\domainase_domain ...
Traceback (innermost last):
  File "<console>", line 1, in ?
  File "<iostream>", line 1661, in nmEnroll
  File "<iostream>", line 553, in raiseWLSTException
WLSTException: Error occurred while performing nmEnroll : Problem enrolling the machine. : C:\Albin\SW\Weblogic\oracle\user_projects\domainase_domain\security\SerializedSystemIni.dat (The filename, directory name, or volume label syntax is incorrect)
Use dumpStack() to view the full stacktrace :


The_filename_directory_name,_volume_label_syntax_incorrect

wls:/base_domain/serverConfig/> nmConnect('weblogic', 'Albin123!', 'localhost', '5556', 'base_domain' ,'C:\Albin\SW\Weblogic\oracle\user_projects\domains\base_domain','ssl')
Connecting to Node Manager ...
<May 7, 2019 9:35:58 PM CDT> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<May 7, 2019 9:35:58 PM CDT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
<May 7, 2019 9:35:58 PM CDT> <Info> <Security> <BEA-090909> <Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier.>
Traceback (innermost last):
  File "<console>", line 1, in ?
  File "<iostream>", line 111, in nmConnect
  File "<iostream>", line 553, in raiseWLSTException
WLSTException: Error occurred while performing nmConnect : Cannot connect to Node Manager. : Received error message from Node Manager Server: [Processing for domain 'base_domain' failed due to I/O error: [The filename, directory name, or volume label syntax is incorrect]]. Please check Node Manager log for details.
Use dumpStack() to view the full stacktrace :
wls:/base_domain/serverConfig/>

The_filename_directory_name,_volume_label_syntax_incorrect

The domain path on Windows must use double backslash '\\' as the path separator.

The domain was successfully enrolled after executing the below command

nmEnroll('C:\\Albin\\SW\\Weblogic\\oracle\\user_projects\\domains\\base_domain','C:\\Albin\\SW\Weblogic\\oracle\\user_projects\\domains\\base_domain\\nodemanager')

The_filename_directory_name,_volume_label_syntax_incorrect

nmConnect('weblogic', 'Albin123!', 'localhost', '5556', 'base_domain' ,'C:\\Albin\\SW\\Weblogic\\oracle\\user_projects\\domains\\base_domain','ssl')

The_filename_directory_name,_volume_label_syntax_incorrect



Sunday, March 22, 2015

How to enable SSL debug tracing in Weblogic Server?

How to enable SSL debug tracing in Weblogic Server?

Add the following start up options to the start up file startWebLogic.cmd/startWebLogic.sh or startManagedWebLogic.cmd/startManagedWebLogic.sh based on which file is used to start the server to enable SSL debug tracing in Weblogic Server.

JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.debug.DebugSecuritySSL=true -Dweblogic.debug.DebugSSL=true -Dweblogic.StdoutDebugEnabled=true -Dweblogic.log.StdoutSeverityLevel=Debug -Dweblogic.log.LogSeverity=Debug"



Invocation of https/SSL service is not working from OSB

Invocation of https/SSL service is not working from OSB

We were trying to install the wildcard certificate to enable the communication from OSB to end system, but the following exception was displayed in the log file and also the communication to the end system is failing even though the certificate installation was successful;

<Jan 23, 2015 10:45:05 PM PST> <Notice> <Security> <localhost> <AdminServer> <[ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <bac54c313ca42523:46f5522b:14b61066510:-7ffd-000000000008b798> <1423456801909> <BEA-090898> <Ignoring the trusted CA certificate "CN=*.sample.com,O=Sample,L=Sample,ST=Sample,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
After analysis, we found that JSSE flag should be enabled along with Custom Host Name Verification (weblogic.security.utils.SSLWLSWildcardHostnameVerifier) to support wildcard certificate.

ssl_config

 After enabling the JSSE flag, none of the https communication from OSB is working but https communication from BPEL is working fine even with the wildcard certificate(BPEL and OSB is running in the same server).

The following exception is thrown while invoking the https service from OSB.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>
BEA-380000: General runtime error: java.lang.NullPointerException
</faultstring>
<detail>
<con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-380000</con:errorCode>
<con:reason>
General runtime error: java.lang.NullPointerException
</con:reason>
<con:location>
<con:node>RouteToSFDC_SearchService_BS</con:node>
<con:path>request-pipeline</con:path>
</con:location>
</con:fault>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>

This is the internal OSB server issue; the cause of the issue is that the AsyncResponseHandler does not properly register JSSEFilter for JSSE SSL.
The Weblogic patch 11866509 based on the Weblogic server version (this issues is identified in Weblogic server version 10.3.4 and 10.3.5) should be installed to resolve the issue.


Tuesday, May 13, 2014

WLST script to Enable/Disable the debug flags in Weblogic Server

WLST script to Enable/Disable the debug flags in Weblogic Server


This tutorial explains the approach to enable/disable the debug flags in Weblogic Server.

The Debugging flags will help us to enable/disable the debugging for different modules in weblogic.

The flags can be enabled/disabled in different ways

Admin Console


Access admin console — http://localhost:7001/console
Navigate to Environment →Servers → <<Server>> → Debug



Select the required flags and click on Enable/Disable.



WLST Script


The below WLST script enable the Debug Flag ‘DebugSSL’ for configured servers

EnableORDisableDFlags.properties

serverflagconfigs=AdminServer=DebugSSL:false,MS1=DebugSSL:true


EnableORDisableDFlags.py
import re
from java.io import FileInputStreamdef EnableORDisableDFlags(): edit()
 startEdit()
 propInputStream = FileInputStream('EnableORDisableDFlags.properties')
 configProps = Properties()
 configProps.load(propInputStream)  
 
 serverflagconfigs = re.split(",",configProps.get("serverflagconfigs"))
 print serverflagconfigs
 
 for serverConfig in serverflagconfigs: 
 
   serverName=re.split("=",serverConfig)[0]
   config=re.split("=",serverConfig)[1]
   print config
   cd('/Servers/'+serverName+'/ServerDebug/'+serverName)
   flagName=re.split(":",config)[0]
   flagValue=re.split(":",config)[1]
   set(flagName,flagValue)
   print 'Modified the DFlag for '+serverName+' '+ flagName+':'+flagValue
 save()
 activate()  
   
  
def main():
    adminURL='t3://localhost:7001'
    adminUserName='weblogic'
    adminPassword='weblogic1'
    connect(adminUserName, adminPassword, adminURL)
    EnableORDisableDFlags();
    print 'Successfully Modified the DFlags'
    disconnect()
main()


Script -
https://github.com/techforum-repo/youttubedata/tree/master/scripts/wlst/EnableORDisableDFlags

Before executing the script, change the configurations as required.

Execute the script — <<Oracle_Home>>\oracle_common\common\bin\wlst.cmd EnableORDisableDFlags.py




Now the DebugFlag is Enabled/Disabled based on the configurations



JVM start arguments


The debug flags can be enabled/disabled through server start up arguments

Add the flags with -D to the server start up arguments through console Environment →Servers →<<Server>> →Server Start

-Dweblogic.debug.DebugSSL=false



Other option is add the debug flags to the start up file startWebLogic.cmd/startWebLogic.sh or startManagedWebLogic.cmd/startManagedWebLogic.sh based on which file is used to start the server.

e.g.

JAVA_OPTIONS=”${JAVA_OPTIONS} -Dweblogic.debug.DebugSSL=true

The changes will take effect after restarting the server

Debug flags for the Reference


DebugAbbreviation
DebugAppContainer
DebugAsyncQueue
DebugBootstrapServlet
DebugClassRedef
DebugClassSize
DebugCluster
DebugClusterAnnouncements
DebugClusterFragments
DebugClusterHeartbeats
DebugConfigurationEdit
DebugConfigurationRuntime
DebugConnection
DebugConsensusLeasing
DebugDGCEnrollment
DebugDRSCalls
DebugDRSHeartbeats
DebugDRSMessages
DebugDRSQueues
DebugDRSStateTransitions
DebugDRSUpdateStatus
DebugDeploy
DebugDeployment
DebugDeploymentService
DebugDeploymentServiceInternal
DebugDeploymentServiceStatusUpdates
DebugDeploymentServiceTransport
DebugDeploymentServiceTransportHttp
DebugDescriptor
DebugDiagnosticAccessor
DebugDiagnosticArchive
DebugDiagnosticArchiveRetirement
DebugDiagnosticCollections
DebugDiagnosticContext
DebugDiagnosticDataGathering
DebugDiagnosticFileArchive
DebugDiagnosticImage
DebugDiagnosticInstrumentation
DebugDiagnosticInstrumentationActions
DebugDiagnosticInstrumentationConfig
DebugDiagnosticInstrumentationEvents
DebugDiagnosticInstrumentationWeaving
DebugDiagnosticInstrumentationWeavingMatches
DebugDiagnosticJdbcArchive
DebugDiagnosticLifecycleHandlers
DebugDiagnosticQuery
DebugDiagnosticWatch
DebugDiagnosticWlstoreArchive
DebugDiagnosticsHarvester
DebugDiagnosticsHarvesterData
DebugDiagnosticsHarvesterMBeanPlugin
DebugDiagnosticsHarvesterTreeBeanPlugin
DebugDiagnosticsModule
DebugDomainLogHandler
DebugEjbCaching

DebugEjbCmpDeployment
DebugEjbCmpRuntime
DebugEjbCompilation
DebugEjbDeployment
DebugEjbInvoke
DebugEjbLocking
DebugEjbMdbConnection
DebugEjbPooling
DebugEjbSecurity
DebugEjbSwapping
DebugEjbTimers
DebugEmbeddedLDAP
DebugEmbeddedLDAPLogToConsole
DebugEmbeddedLDAPWriteOverrideProps
DebugEventManager
DebugFailOver
DebugFileDistributionServlet
DebugHttp
DebugHttpLogging
DebugHttpSessions
DebugIIOP
DebugIIOPConnection
DebugIIOPMarshal
DebugIIOPNaming
DebugIIOPOTS
DebugIIOPReplacer
DebugIIOPSecurity
DebugIIOPStartup
DebugIIOPTransport
DebugIIOPTunneling
DebugJ2EEManagement
DebugJAXPIncludeClass
DebugJAXPIncludeLocation
DebugJAXPIncludeName
DebugJAXPIncludeTime
DebugJAXPUseShortClass
DebugJDBCConn
DebugJDBCDriverLogging
DebugJDBCInternal
DebugJDBCONS
DebugJDBCRAC
DebugJDBCRMI
DebugJDBCSQL
DebugJMSAME
DebugJMSBackEnd
DebugJMSBoot
DebugJMSCDS
DebugJMSCommon
DebugJMSConfig
DebugJMSDispatcher
DebugJMSDistTopic
DebugJMSDurableSubscribers
DebugJMSFrontEnd
DebugJMSJDBCScavengeOnFlush
DebugJMSLocking
DebugJMSMessagePath
DebugJMSModule
DebugJMSPauseResume
DebugJMSSAF
DebugJMSStore
DebugJMST3Server
DebugJMSWrappers

DebugJMSXA
DebugJMX
DebugJMXCompatibility
DebugJMXCore
DebugJMXDomain
DebugJMXEdit
DebugJMXRuntime
DebugJNDI
DebugJNDIFactories
DebugJNDIResolution
DebugJTA2PC
DebugJTA2PCStackTrace
DebugJTAAPI
DebugJTAGateway
DebugJTAGatewayStackTrace
DebugJTAHealth
DebugJTAJDBC
DebugJTALLR
DebugJTALifecycle
DebugJTAMigration
DebugJTANaming
DebugJTANamingStackTrace
DebugJTANonXA
DebugJTAPropagate
DebugJTARMI
DebugJTARecovery
DebugJTARecoveryStackTrace
DebugJTAResourceHealth
DebugJTATLOG
DebugJTAXA
DebugJTAXAStackTrace
DebugJpaDataCache
DebugJpaEnhance
DebugJpaJdbcJdbc
DebugJpaJdbcSchema
DebugJpaJdbcSql
DebugJpaManage
DebugJpaMetaData
DebugJpaProfile
DebugJpaQuery
DebugJpaRuntime
DebugJpaTool
DebugLeaderElection
DebugLibraries
DebugLoadBalancing
DebugLoggingConfiguration
DebugMessaging
DebugMessagingBridgeRuntime
DebugMessagingBridgeRuntimeVerbose
DebugMessagingBridgeStartup
DebugMessagingKernel
DebugMessagingKernelBoot
DebugMuxer
DebugMuxerConnection
DebugMuxerDetail
DebugMuxerException
DebugMuxerTimeout
DebugPathSvc
DebugPathSvcVerbose
DebugRA
DebugRAClassloader
DebugRAConnEvents

DebugRAConnections
DebugRADeployment
DebugRALifecycle
DebugRALocalOut
DebugRAParsing
DebugRAPoolVerbose
DebugRAPooling
DebugRASecurityCtx
DebugRAWork
DebugRAWorkEvents
DebugRAXAin
DebugRAXAout
DebugRAXAwork
DebugRC4
DebugRSA
DebugReplication
DebugReplicationDetails
DebugRouting
DebugSAFAdmin
DebugSAFLifeCycle
DebugSAFManager
DebugSAFMessagePath
DebugSAFReceivingAgent
DebugSAFSendingAgent
DebugSAFStore
DebugSAFTransport
DebugSAFVerbose
DebugSNMPAgent
DebugSNMPExtensionProvider
DebugSNMPProtocolTCP
DebugSNMPToolkit
DebugSSL
DebugScaContainer
DebugSecurityAdjudicator
DebugSecurityAtn
DebugSecurityAtz
DebugSecurityAuditor
DebugSecurityCertPath
DebugSecurityCredMap
DebugSecurityEEngine
DebugSecurityEncryptionService
DebugSecurityJACC
DebugSecurityJACCNonPolicy
DebugSecurityJACCPolicy
DebugSecurityKeyStore
DebugSecurityPasswordPolicy
DebugSecurityPredicate
DebugSecurityRealm
DebugSecurityRoleMap
DebugSecuritySAML2Atn
DebugSecuritySAML2CredMap
DebugSecuritySAML2Lib
DebugSecuritySAML2Service
DebugSecuritySAMLAtn
DebugSecuritySAMLCredMap
DebugSecuritySAMLLib
DebugSecuritySAMLService
DebugSecuritySSL
DebugSecuritySSLEaten
DebugSecurityService
DebugSecurityUserLockout
DebugSelfTuning
DebugServerLifeCycle
DebugServerMigration
DebugServerStartStatistics
DebugStoreAdmin
DebugStoreIOLogical
DebugStoreIOLogicalBoot
DebugStoreIOPhysical
DebugStoreIOPhysicalVerbose
DebugStoreXA
DebugStoreXAVerbose
DebugTunnelingConnection
DebugTunnelingConnectionTimeout
DebugURLResolution
DebugWANReplicationDetails
DebugWTCConfig
DebugWTCCorbaEx
DebugWTCGwtEx
DebugWTCJatmiEx
DebugWTCTDomPdu
DebugWTCUData
DebugWTCtBridgeEx
DebugWebAppIdentityAssertion
DebugWebAppModule
DebugWebAppSecurity
DebugWorkContext
DebugXMLEntityCacheIncludeClass
DebugXMLEntityCacheIncludeLocation
DebugXMLEntityCacheIncludeName
DebugXMLEntityCacheIncludeTime
DebugXMLEntityCacheUseShortClass
DebugXMLRegistryIncludeClass
DebugXMLRegistryIncludeLocation
DebugXMLRegistryIncludeName
DebugXMLRegistryIncludeTime
DebugXMLRegistryUseShortClass


Saturday, May 3, 2014

WLST script to enable Backup/Archive configurations in weblogic server

WLST script to enable Backup/Archive configurations in weblogic server


By enabling the backup/archiving in Weblogic, the administration Server can automatically backups the domain configuration (the entire domain-name/config directory) during the server boot to DOMAIN_HOME\config-original.jar and config-booted.jar.

Also multiple versions of the domain config will be archived by the Administration Server, each time the domain configuration is modified into the DOMAIN_CONFIG\configArchive folder.

The configuration archives can be used for system restoration in cases where accidental configuration changes need to be reversed.

This tutorial explains how to use WLST script to enable backup/archive configurations.


WLST Script


The below WLST script will help us to enable the backup/archive configurations

EnableArchiving.py

adminURL='t3://localhost:7001'
adminUserName='weblogic'
adminPassword='weblogic1'
connect(adminUserName, adminPassword, adminURL)
domainRuntime()
edit()
startEdit()
cmo.setConfigBackupEnabled(true)
cmo.setArchiveConfigurationCount(5)
save()
activate()



Script
https://github.com/techforum-repo/youttubedata/blob/master/scripts/wlst/EnableArchiving.py

Execute the script

<<Oracle_Home>>\oracle_common\common\bin\wlst.cmd EnableArchiving.py



Verify the configuration


To verify the configuration- Login to admin console →Click on Domain in the left panel →Expand the Advanced in General Configuration section



When the Admin Server starts up it automatically makes a backup of DOMAIN_HOME/config directory and stores it in DOMAIN_HOME/config-original.jar(original configuration file while restarting the server) and once the start up completed(booted) successfully it makes a backup of DOMAIN_HOME/config directory and stores it in DOMAIN_HOME/config-booted.jar(the config file on which the server is booted successfully) .

Most of the cases both of the file contents will be same. If the server fails to boot successfully the config-booted.jar will not be generated and the old config-booted.jar file will be left as it is.



Also whenever the domain configuration is modified, the admin server archive the previous configurations to the DOMAN_HOME\configArchive folder.The files use the naming convention as config-number.jar, where number is the sequential number of the archive.After it reaches the maximum number of archive files specified in the configuration(ArchiveConfigurationCount — 5), older archive files will be discarded



Recover the configurations


Follow the below steps to recover the configurations from archive

Stop the servers

Rename the current <<DOMAIN-HOME>>/config folder to config-bkp

Create a folder with name config under <<DOMAIN-HOME>>

cd to <<DOMAIN-HOME>>/configArchive in a command prompt

Execute the below command(change the archive file name as required)

tar -xf config-1.jar -C <<DOMAIN-HOME>>\config



Start the server — now the configurations are restored from the archive.