Thursday, August 14, 2008

Domain, Administration & Managed Server, Cluster in Oracle WebLogic

What is domain in WebLogic ?

WebLogic Domain

A domain is a logical grouping of resources and services and consists of an Administration Server, Managed Servers and clusters. There can be only one Administration Server in a domain and zero to N Managed Servers.

What is Administration Server ?

The Administration Server is the WebLogic Server instance that maintains configuration data for a domain. You can deploy your application on the Administration Server, but it is recommended to create a Managed Server, deploy your application there, and leave the Administration Server for configuration and maintenance.

– There will always be at least one Administration Server in a domain.

What is Managed Server ?

Any WebLogic Server instance other than the Administration Server is called a Managed Server. This is the WebLogic Server instance where you deploy your application (you can deploy your application on the Administration Server as well, but this is not recommended in a production/UAT instance).


What is Cluster in WebLogic ?

A group of WebLogic Managed Server instances that work together to provide high availability and scalability for applications is called a cluster. WebLogic Servers within a cluster can run on the same machine or on different machines. This is also called a Managed Server cluster.


Things you should know before creating a domain in WebLogic Server

– You use the Configuration Wizard to create or extend a domain, but it can be used only in offline mode (when WebLogic Server is not running).
– You can also use WLST (WebLogic Scripting Tool), a command-line tool, to create and extend domains in WebLogic Server.
– You can also use the unpack command to create a new domain. This command can’t be used to extend a domain.
– Extending a domain means you have already created a domain and now wish to extend it (use more applications, add a Managed Server, create a cluster…).
– The Configuration Wizard can be run in Graphical Mode (interactive GUI) or Console Mode (interactive, text based).
– For silent mode use WLST (WebLogic Scripting Tool).
– While creating a domain you specify the Startup Mode (Development or Production). In development mode you get the autodeploy option and security is low. In production mode you need a username/password to deploy applications.
– When you create a domain, it creates the following directories:
i) autodeploy ii) bin iii) config (config.xml for the domain sits here) iv) console-ext v) lib vi) security vii) servers

– You use config.cmd (Windows) or config.sh (Unix) from $BEA_HOME/wlserver_/common/bin to start the configuration manager to create a domain.

Below Flowchart (image from Oracle Documentation) displays steps to create domain.
Create WebLogic Domain

SSO : How to deal with “Your Account is Locked”

You have applications (E-Business Suite 11i/R12, Portal, Discoverer, BI Publisher) integrated with Oracle Single Sign-On (SSO) and users complain that they receive the message “Your Account is Locked”. Here are a few things that can help you understand this.

-

First thing to do in case “User account is locked”
You should know how to unlock an SSO account. These are the various ways in which you can unlock an account:
1. Using OIDDAS : In OIDDAS (Delegated Administrative Services), log in as superuser orcladmin (or an account with access to unlock/change passwords) >> select the Directory tab >> enter the User Name >> select Unlock Account

2. Using ODM : Oracle Directory Manager is a Java-based tool to manage users. More can be found here. Go to the user’s entry and reset the user password in the right pane. (Resetting the password will unlock the account.)

3. Using ldapmodify : Add the attribute “orclpwdaccountunlock” to the user account and set its value to 1 using ldapmodify.

4. Using Portal : If you are using Oracle Portal with SSO, then reset the password using the Portal User Account portlet. (Resetting the password will unlock the account.)

-

Where are account locking rules defined
The next thing to identify is where the account lock rules are defined
– Account lock rules are defined in the Password Policy in OID (did you know that you can use a different password policy at leaf level in OID from OID 10.1.4.1?)
– To check your password policy, log in to OIDADMIN using orcladmin and go to
Password Policy Management -> Password Policy for Realm .... >> click on the Account Lockout tab in the right pane

SSO Account Lock

- A user account can be locked only if “Global Lockout” is enabled and the user tries a wrong password the number of times defined in “Password Maximum Failure” within the “Password Failure Count Interval”.
To understand it, let’s assume
A) If “Password Maximum Failure” is set to 10 and “Password Failure Count Interval” is set to 0, then 10 consecutive wrong passwords will lock the user account.

B) If “Password Maximum Failure” is set to 10 and “Password Failure Count Interval” is set to 20, then 10 consecutive wrong passwords within 20 seconds will lock the user account.

- Another reason for an account lock is the “Password Expiry Time” defined in the Password Policy. A user account can lock after the password expiry time.

Note *

Account will remain locked for time specified by “Global Lockout Duration” (default is 86400 Sec i.e. 1 day) unless unlocked by Admin.

-

How to prevent Administrative Accounts getting locked

You can create another password policy (possible only from OID 10.1.4 and higher) with “No Global Lockout” and attach new password policy to administrative accounts.

-
Finally, if your superuser “orcladmin” itself is locked
A) If a superuser account like “orcladmin” is locked, you can unlock it like this:
oidpasswd [connect=] unlock_su_acct=true

P.S. There are two orcladmin accounts, one cn=orcladmin and the other cn=orcladmin,cn=users, dc= (oidpasswd is required to reset the password for cn=orcladmin)
B) If the ods schema password (this schema holds OID data) is locked, then you can unlock it using
SQL> alter user ods account unlock;

C) If for some reason you forgot the ods password (the default password is the same as orcladmin or ias_admin), then you can reset it using Metalink note # 472752.1 How to Unlock/Reset Super User cn=orcladmin When the ODS’s Password Has Been Forgotten ?

-

How to track Failed Login Attempts

If you are getting too many accounts locked and you would like to know whether the attempts come from users or from someone else (a hacker):
1. You can track failed login attempts from the iAS console

Log in to the iAS Console of the SSO server like http://hostname:/emd (ias_admin/)
Click on “Single Sign-On:orasso”

Check failed logins under “Login Failures During The Last 24 Hours”
2. Use the query below to list failed login attempts in the last 7 days, including the client IP address, on your Single Sign-On Server

select USER_NAME||' - '||MESSAGE||' - '||to_char(LOG_DATE,'dd.mm.yyyy hh24:mi:ss')||' - '||IP_ADDRESS "Login Failures"
from ORASSO.WWSSO_AUDIT_LOG_TABLE$
where log_date > (sysdate - 7)
and MESSAGE = 'Login failed'
order by log_date;
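
Added example, not part of the original post: a Python replay of login events (for instance rows exported from the audit query above) against the lockout rules described earlier, showing which accounts lock under cases A and B and how many distinct user names each client IP failed against. The event tuple layout, the success flag, the sample data and the rule that attempts made during a lock are ignored are assumptions for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Policy:
    max_failure: int = 10          # "Password Maximum Failure"
    failure_interval: int = 0      # "Password Failure Count Interval", seconds; 0 = no time window
    lockout_duration: int = 86400  # "Global Lockout Duration", seconds
    global_lockout: bool = True    # lockout only applies when this is enabled


def replay(events, policy):
    """Replay (epoch_seconds, user, ip, ok) tuples, oldest first.

    Returns a list of (user, locked_at, sorted IPs whose failures led to the lock).
    Assumption: attempts made while an account is locked are ignored.
    """
    recent = defaultdict(deque)    # user -> failures still counting toward a lock
    locked_until = {}
    locks = []
    for ts, user, ip, ok in events:
        if not policy.global_lockout or ts < locked_until.get(user, 0):
            continue
        window = recent[user]
        if ok:
            window.clear()         # a good login breaks the run of consecutive failures
            continue
        window.append((ts, ip))
        if policy.failure_interval > 0:
            # Drop failures that fall outside the counting interval.
            while window[0][0] < ts - policy.failure_interval:
                window.popleft()
        if len(window) >= policy.max_failure:
            locks.append((user, ts, sorted({i for _, i in window})))
            locked_until[user] = ts + policy.lockout_duration
            window.clear()
    return locks


def failures_by_ip(events):
    """ip -> (failed attempts, distinct user names tried); failures only."""
    count, users = defaultdict(int), defaultdict(set)
    for _, user, ip, ok in events:
        if not ok:
            count[ip] += 1
            users[ip].add(user)
    return {ip: (count[ip], len(users[ip])) for ip in count}


# Constructed sample data (not real logs): one user mistyping slowly from a
# workstation, and one address failing against several accounts in quick succession.
SAMPLE = sorted(
    [(1000 + 30 * n, "jsmith", "10.1.1.20", False) for n in range(10)]
    + [(5000 + n, "akumar", "192.0.2.77", False) for n in range(10)]
    + [(5100 + n, "mlee", "192.0.2.77", False) for n in range(4)]
    + [(5200, "mlee", "10.1.1.31", True)]
)

if __name__ == "__main__":
    for name, pol in [("A", Policy(10, 0)), ("B", Policy(10, 20))]:
        print("case", name, replay(SAMPLE, pol))
    print(failures_by_ip(SAMPLE))
```

With interval 0 the slow typist is locked as well, while the 20-second interval locks only the account hit by the rapid run; the per-IP summary shows which address failed against more than one user name.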

-

Related

Password Policy in OID/SSO
275104.1 - How To Unlock User Accounts in Portal
251354.1 - OID Superuser Password Locked: How to Unlock the orcladmin Password
204900.1 - What oidpasswd Utility Does and the Objects it Modifies (ODS and ODSCOMMON)
472752.1 - How to Unlock/Reset Super User cn=orcladmin When the ODS’s Password Has Been Forgotten ?

Thursday, April 24, 2008

R12 Instance Home Overview

Oracle Applications/E-Business Suite Release 12 introduces a new concept of a top-level directory for an Applications instance, known as the Instance Home and denoted by the environment variable $INST_TOP.
The Instance Home contains all the config files, log files, SSL certificates etc.

Advantages of new INSTANCE HOME

  • The additional Instance Home makes the middle tier easier to manage and better organised, since the data is kept separate from the config files. The Instance Home also has the ability to share the Applications and Technology stack code across multiple instances.
  • Another advantage of the Instance Home is that AutoConfig no longer writes anything to the APPL_TOP and ORACLE_HOME directories; everything is now written to the INST_TOP. As a result, APPL_TOP and ORACLE_HOME can also be made read-only file systems if required. Earlier, adpatch used to write its log file in the APPL_TOP/admin directory, but with the new model APPL_CONFIG_HOME/admin is used.
  • To create a new instance that shares an existing middle tier, just create a new instance_top with proper config files and NFS mount the middle tier on the server.

The basic structure of the Instance Home is $APPS_BASE/inst/apps/$CONTEXT_NAME, also defined by the environment variable $INST_TOP, where APPS_BASE (which does not have or need a corresponding environment variable) is the top level of the Applications installation and $CONTEXT_NAME is the highest level at which the Applications context exists (format $SID_$hostname).

    Instance Home Directory Structure

  • $INST_TOP/admin/scripts ($ADMIN_SCRIPTS_HOME): All AD scripts are located here
  • $INST_TOP/appl ($APPL_CONFIG_HOME) : For standalone envs, this is set to $APPL_TOP
    $INST_TOP/appl/fnd/12.0.0/secure FND_SECURE: The dbc file is located here
    $INST_TOP/appl/admin All the env config files are located here
  • $INST_TOP/certs SSL Certificates go here
  • $INST_TOP/logs LOG_HOME: Central log file location. All log files are placed here (except adconfig)
    $INST_TOP/logs/ora ($ORA_CONFIG_HOME)
    $INST_TOP/logs/ora/10.1.2 ‘C’ Oracle home config, Contains tnsnames and forms listener servlet config files
    $INST_TOP/logs/ora/10.1.3 Apache & OC4J config home, Apache, OC4J and opmn. This is the ‘Java’ oracle home configuration for OPMN, Apache and OC4J
  • $INST_TOP/pids Apache/Forms server PID files are located here
  • $INST_TOP/portal Apache’s DocumentRoot folder
    Saturday, April 19, 2008

    Oracle Apps R12 Forms : Servlet or Socket

    The default Forms connection mode in Oracle Applications R12 is “SERVLET”, whereas in Oracle Apps 11i the default Forms connection mode is “SOCKET”. So:

    What is difference between socket and servlet mode in Forms ?
    What are advantages and disadvantages of each ?
    Can we change default R12 forms mode from servlet to Socket ?

    Oracle Form Servlet Overview in apps R12
    ——————————————

    i) In this mode, a Java servlet handles communication between the Forms client (Java based) and Oracle Forms Services (10g).

    ii) All connections go via the HTTP Server, so there is no need to start the Forms server and no need to open a Forms server port on the firewall between the client machine and the application tier.

    iii) More secure as compared to Forms Socket Mode.

    iv) Network traffic is higher because the HTTP protocol is more chatty, so it is a little more network-bandwidth hungry when compared with SOCKET mode.

    v) No additional certificate is required during SSL implementation for the application tier; a single certificate handles both Forms and web connections.

    How to change from default Servlet mode (in apps R12) to Socket mode ?
    ———————————————————————

    Refer to Oracle Metalink Note # 384241.1 Using Forms Socket Mode with Oracle E-Business Suite Release 12

    Are there any network overheads of using Forms in Servlet Mode ?
    —————————————————————-

    Metalink Note # 311091.1 Understanding the Network Overhead Of Forms Servlet Listener Architecture Compared to Forms Server covers some interesting points w.r.t. network traffic.

    Advantage & Disadvantages of Forms Servlet Mode

    ———————————————————-
    – Simple SSL configuration (no separate SSL configuration is required for Forms, as connections go via the web/HTTP server)

    – No port needs to be opened in the firewall to access Forms

    – More secure method of deployment over the Internet

    – Results in more network traffic because HTTP is more chatty than a (dedicated) socket, so it is not preferred in WAN implementations.

    Difference between Oracle Apps 11i and R12

    Database:
    The database version in 11i (11.5.9 & 11.5.10) was 9i Rel 2, whereas in Release 12 it is 10g R2 (10.2.0.2).

    Application Tier:
    In 11i the tech stack in the application tier consists of iAS (1.0.2.2.2) & Developer 6i (Forms & Reports 8.0.6), but in Applications R12 it is built on Fusion Middleware (10g Web Server and 10g Forms & Reports).

    Sub component in Application Tier
    A) HTTP Server or Web Server in R12 is Version 10.1.3 which is built on Apache version 1.3.34. In apps 11i it is Version 1.0.2.2.2 built on Apache Version 1.3.19
    B) Jserv in apps 11i is replaced by OC4J (mod_jserv is replaced by mod_oc4j)
    C) Forms Version 6i in Apps 11i is replaced by Forms 10.1.2.0.2 in R12
    D) Reports Version 6i in Apps 11i is replaced by Reports 10.1.2.0.2 in R12
    E) JDBC version is changed from version 9 in apps 11i to version 10.2.0 in Apps R12
    F) modplsql or mod_pls is removed from Apps R12 (What will happen to my mod plsql applications- coming soon* )
    G) Java processes use JDK/JRE version 1.5.0 in R12 against JDK version 1.3.1 or 1.4.2 in Apps 11i
    H) For various environment variable changes check below picture

    I) New top INSTANCE_TOP added in Release 12 for configuration and log files


    Saturday, April 12, 2008

    Clone Apps 11i Instance

    Cloning is the process of creating a replica of your source Apps 11i instance. Let’s say you have one Apps instance named VISIONTST and you want to create a similar instance (including the same patches & user data) named VISIONPRD; you will then use the adclone utility (also called Rapid Clone these days). In this case the source instance will be VISIONTST and the target instance will be VISIONPRD. There are a lot of scenarios in which you may wish to clone your E-Business Suite 11i instance: you want to test that everything is OK in Test and then, after testing, create the Production instance; or you want to move your instance from one machine to another; or, if you are a highly experienced Apps DBA, you can use a clone as a staged environment during an upgrade to reduce downtime (this concept is called staged appl_top or staged patching/upgrade; p.s. this is different from shared APPL_TOP).

    So here I am putting broad level steps you will use to clone apps instance .

    Step 1. Prerequisite steps you do before starting to clone using Rapid Clone
    1.1 Verify source and target nodes software versions
    1.2 Apply the latest AutoConfig Template patch
    1.3 Apply the latest Rapid Clone patches

    Step 2. Clone Source to Target
    2.1 Run preclone on DB tier
    2.2 Run preclone on Apps or middle tier
    2.3 Copy source file system to target file system
    2.4 Configure db tier
    2.5 Configure apps/middle tier

    Step 3. Finishing Tasks
    3.1 Update profile options
    3.2 Update printer settings (If printers are not configured or you don’t want to use printer you can skip this step)
    3.3 Update workflow configuration settings (Important)

    Tuesday, April 8, 2008

    ADPATCH Options

    adpatch options=[option1,option2, ….optionN]

    Below are the option values with explanations
    options=noautoconfig : If you are applying a number of patches, of which 4-5 run AutoConfig, then use this option and run AutoConfig in the last patch or manually (this will save patching time; first patch performance tip)
    compiledb(def) or nocompiledb : Use nocompiledb if you have multiple patches, then compile database objects in the last patch
    compilejsp(def) or nocompilejsp : Use nocompilejsp if you have multiple patches, then compile JSPs in the last patch
    copyportion : Tells adpatch whether to run commands normally found in a copy driver.
    databaseportion : Tells adpatch whether to run commands normally found in a database driver.
    generateportion : Tells adpatch whether to run commands normally found in a generate driver.
    hotpatch : Tells AutoPatch to apply a patch regardless of whether the Oracle Applications system is in maintenance mode.
    integrity : Tells adpatch whether to perform patch integrity checking, which verifies that the version of each file referenced in a copy action matches the version present in the patch (there are overheads with this)
    maintainmrc : Tells adpatch whether to automatically maintain the MRC schema after running actions normally found in the database driver. The MRC schema is only maintained if the MRC feature is enabled.
    prereq : Tells adpatch whether to perform prerequisite patch checking prior to running patch driver files that contain actions normally found in the copy driver. (With the latest AD patch, the default behaviour is changed from prereq to noprereq.)
    forcecopy : Copies the files in a patch to the Applications file system without comparing the version number of the patch files with existing files.

    Oracle Apps Patch Basics

    Standalone/One-off patches : This term is used for a patch created to fix a single, particular problem.
    Mini Pack : This is a group of one-off patches for a particular product like INV, GL, AP, named like 11i.GL.E (meaning this group of patches contains fixes for the 11i GL product (General Ledger) up to the time E was released). It is cumulative, which means it includes 11i.GL.A, 11i.GL.B …. 11i.GL.D up to 11i.GL.E. Earlier, in 10.7, it used to be called a patchset.
    Family Pack : A group of mini packs in one family bundled together is called a family pack. They are usually named 11i_PF. A few examples of families are SCM ( 11i.SCM_PF.G ) and ATG ( 11i.ATG_PF.H ); _PF indicates Product Family Pack.
    Maintenance Pack : A group of family packs together is called a maintenance pack. So if you say your version is 11.5.10, then it is maintenance pack 10 (the 3rd digit is the maintenance pack).

    To wind things up, you can say:

    a few one-off patches make a mini pack, a few mini packs related to the same family are bundled together as a family pack, and all family packs fixed up to that time are bundled in a maintenance pack.

    NLS Patch : When you have more than one language (like English & Arabic or French ..), then apart from the normal patch you have to apply a patch for each specific language installed in your system, called an NLS patch.

    Thursday, April 3, 2008

    Oracle Workflow Notification Mailer

    Oracle Workflow in itself is a product which is tough to cover in this blog, but I am going to cover one important and frequently used component from an Oracle Apps DBA point of view, which is the Workflow Notification Mailer.

    Currently, with OWF.H (Oracle Workflow Minipack H) or 11.5.10, Oracle Applications uses the Java Mailer; before that it used to be the C Mailer. Some of you who are on 11.5.8 or a lower version might still be using wfmail.cfg under FND_TOP. Configuration is quite simple via OAM (Oracle Applications Manager), provided you or your Unix team set up inbound & outbound mail correctly. The Notification Mailer will in turn use the operating system command/mail for inbound (receiving mail) & outbound (sending mail). At the end of this post you can find a few Metalink notes which cover everything you require to configure the Workflow Notification Mailer.
    In 11.5.10 the Java Notification Mailer is available out of the box; you simply need to configure it via Oracle Applications Manager.
    The Metalink notes below should be enough to configure and troubleshoot the Workflow Notification Mailer.

    Related Links

    Metalink Note #

    268085.1 Configuring the Oracle Workflow 2.6/11i.OWF.H Java-based Notification Mailer with Oracle Applications 11i

    164871.1 Configuring the Workflow Notification Mailer in Oracle Applications Manager 11i

    172174.1 WF 2.6: Oracle Workflow Notification Mailer Architecture in Release 11i

    Is Oracle Fusion really ConFUSION ?

    If you ask question “What is Oracle Fusion ?” to yourself I suppose every one will have different opinion. I would like to hear from you all in your words ( via comments on this post ) about what you think is Oracle Fusion .

    Common confusion over Oracle Fusion
    The most common confusion over Fusion among most of the people I discuss it with or meet, also mentioned by Steven Chan in his post, is thinking that Oracle Fusion Middleware & Oracle Fusion Applications are the same. In fact, Oracle Fusion Middleware will be used in providing/building Oracle Fusion Applications using existing Oracle Applications (Oracle E-Business Suite, Siebel, PeopleSoft, JD Edwards).

    Oracle Fusion Middleware is a collection of Oracle Middleware products, i.e.
    – Oracle Application Server (Portal, Wireless, Forms, Reports, Discoverer, Webcache, OC4J)
    – Oracle Identity Management (OID, SSO, Web Access Manager, CA, Identity Federation)
    – Oracle SOA Suite (Service Oriented Suite)
    – Oracle Collaboration Suite (RTC, Mail Server, Discussion, Content, Calendar)
    – Oracle DW & BI (BI Beans, OWB, OLAP, Express Server, OSA, OFA, Datamart)
    – Oracle Development Tools (Designer, Developer, SCM, Forms, Reports)
    – Oracle Data Hubs

    and
    Oracle Fusion Applications will be a collection of Oracle Applications, i.e.
    – Oracle E-Business Suite / CRM
    – Oracle PeopleSoft Enterprise
    – Oracle Siebel CRM
    – Oracle JD Edwards Enterprise

    These fusion applications will use Fusion Middleware mentioned above

    Few links which talk about Oracle Fusion Middleware & Fusion Applications are

    http://blogs.oracle.com/schan/newsItems/departments/fusionApps

    http://oracle.anilpassi.com/oracle-fusion-development-tools.html (Good one for developers & techno functional)

    http://blog.oraclecontractors.com/?cat=4

    http://www.oracle.com/applications/fusion.html (Good one for Oracle Fusion Applications Road Map)

    More on Service Oriented Architecture (SOA Suite) and Oracle Fusion coming soon…

    Oracle Fusion Middleware Overview

    Let’s briefly discuss Oracle Fusion Middleware, with a one-liner on each of its various components, to give you a feel for Oracle Fusion Middleware.

    What is Fusion Middleware ?
    Oracle Fusion Middleware is a family of Oracle products which help with application development and integration, from Identity Management to Collaboration Suite & Business Intelligence reports.
    The various products of the Fusion Middleware family are

    Application Server
    BPA Suite (Business Process Analysis)
    Business Integration
    Business Intelligence
    Collaboration Suite (Content, RTC, Mail Server, Discussion, Calendar)
    Data Hub
    Data Integrator
    Developer Tools
    EDA Suite (Event Driven Architecture Suite)
    Identity Management
    SDP Suite (Service Delivery Platform)
    SOA Suite (Service Oriented Architecture)
    Web center Suite

    For most of us, grasping all of them at once is difficult, so I’ll give a one-liner about each of these components here, and later I’ll cover them in detail based on each component’s importance & use in the real world.

    Application Server
    ———————–
    This is the core component of Oracle Fusion Middleware. The various components of Application Server are Webcache, J2EE, Wireless & Portal, and it uses Infrastructure Services like Single Sign-On and Oracle Internet Directory.

    Business Process Analysis (BPA)
    —————————————
    This helps in modelling business processes and converting them into something IT can execute. The various components of the BPA suite help business users to design, model, simulate and optimize business processes. This helps in reducing the gap between a strategy and the actual execution of that strategy. The components of BPA are Architect, Repository, Simulator & Publisher.

    Business Integration
    ————————-
    Connecting or Integrating processes, Applications or information with business partners using hot pluggable products which are based on Services Oriented Architecture.