Ignoring the trusted CA certificate warnings when connecting to Node Manager using WLST nmConnect()

Symptoms

When using Weblogic Scripting Tool (WLST) nmConnect() to connect to the node manager, notice warnings are seen for unsupported certificates (after running setWLSEnv.cmd or .sh)


Connecting to Node Manager ...
CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object:
1.2.840.113549.1.1.11.>
<Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
Successfully Connected to Node Manager.

Steps

Java.Lang.OutOfMemoryError In weblogic.WLST Remote Deploy Command


Symptoms


Failure to remotely deploy a very large enterprise application using WLST or the Admin console and getting out of memory error while loading the ear file.
WLSTException: 'Error occured while performing deploy : Target exception thrown while deploying application: Error occured while performing deploy :
Deployment Failed. Error occurred while performing deploy : Deployment Failed.

Use dumpStack() to view the full stacktrace.
The load of a remotely located ear file also fails via the Administration console with the following message:

An unexpected exception has occurred processing your request Message:
  Stack Trace: java.lang.NullPointerException
  at com.bea.console.actions.app.install.Flow.uploadApp(Flow.java:256)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

Cause


The issue was addressed in bug 9456759. As part of the fix, a system property flag weblogic.deploy.UploadLargeFile was added. In WLS 10.3.4 and higher, this flag should be added to the Java startup options for the deployment client if large files are to be deployed. For earlier versions, apply the patch below: no flag is needed.


Solution


Patches are available for Bug 9456759:
PATCH INFORMATION
WLS VersionPatch Number
9.2.2Patch 9456759
9.2.3Patch 9456759
10.0.1Patch 9456759
10.0.2Patch 9456759
10.3.0Patch 9456759
10.3.1Patch 9456759
10.3.2Patch 9456759

Fixed in: 9.2.4, 10.3.4
To apply one of these patches, click on the link for your WLS version and download the appropriate patch from My Oracle Support. You can also search in My Oracle Support for the patch number for your WLS version:


NOTE: Patches are applied per WLS installation and not per domain. That is, if you apply this patch on one WLS installation, then all of the servers from all the domains in that installation will have this patch. On the other hand, if you have a managed server in another machine in a domain (that is, set up with its own WLS installation), you need to install this patch on that other machine as well. Generally, patches can only be applied while the server is not running because WLS locks the needed files while it is running. If, however, you are able to apply a patch while WLS is running, you must restart WLS before the patch will take effect.

WLST Failed Authentication at connect() When Stopping WebLogic Server


Symptoms

Reports have occurred that users are unable to stop WebLogic Server using stopWebLogic.sh with the following error:

Connecting to t3://hostname.domainname:2001 with userid {AES}qFA3rQexfsasfgjdf560srqyGQ15UNglcziS0uR1yJQw= ...
This Exception occurred at Wed Feb 02 16:31:32 PST 2011.
javax.naming.AuthenticationException [Root exception is java.lang.SecurityException: User:
{AES}qFA3rQexfsasfgjdf560srqyGQ15UNglcziS0uR1yJQw, failed to be authenticated.]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:42)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:787)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:681)
at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:469)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:376)
at weblogic.jndi.Environment.getContext(Environment.java:315)

How to use WLST to generate report Of Oracle Weblogic Server.


  • WebLogic Server Uptime.
  • WebLogic Server State (Running, Admin, ... etc).
  • WebLogic Server CPU Usage.

Solution

WLST is a JMX Client that you can use to browse WebLogic Server MBeans. A WLST script can be run as the following:

  1. Add WebLogic Server classes to the CLASSPATH environment variable and WL_HOME\server\bin to the PATH environment variable, where WL_HOME refers to the top-level installation directory for WebLogic Server. You can use the setWLSEnv script to set the required variables:
    Windows: WL_HOME\server\bin\setWLSEnv.cmd
    UNIX: WL_HOME/server/bin/setWLSEnv.sh
  2. Execute:
    > java weblogic.WLST /etc/oracle/scripts/server_state.py
Consider the following example for server_state.py:

# Connect to a WebLogic Server:
connect('weblogic','weblogic1','t3://localhost:7001')

# Change from "serverConfig" JMX tree to "serverRuntime" tree.
serverRuntime()

# Use the following attribute to get the startup time,
# Note that value returned is java long file
# and you have to convert it to a readable date.
actTime = get('ActivationTime')

# Get WebLogic State
thisState = get('State')

# Navigate to the JVMRuntime MBean
cd('JVMRuntime/AdminServer')

# Use the following attribute to get the CPU of the JVM, hence the server:
# You might want to multiply this number by 100 to get a precentage
cpuTime = get('JvmProcessorLoad')*100

# Disconnect from the WebLogic Server
disconnect()

# Import python time package
import time
# Use method 'gmtime' to convert 'ActivationTime' to array of
# Year,Month,Day,Hour,and Seconds
x = time.gmtime(actTime/1000)

print
print
print "Start Time : " + str(x[0]) + "/" + str(x[1]) + "/" + str(x[2]) + " - " + str(x[3]) + ":" + str(x[4])
print "Activation Time: " + str(actTime)
print "State: " + thisState
print "CPU: " + str(cpuTime) + "%"
IMPORTANT: To use attribute 'JvmProcessorLoad', you need to make sure that your domain options "Platform MBean Server Enabled" and "isPlatformMBeanServerUsed" are enabled, so using 'WLS Administration Console,' go to your domain -> Configuration -> General -> Advanced and enable them. A restart is required here.
WLST should print output like:
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'OHS'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

Location changed to serverRuntime tree. This is a read-only tree with ServerRuntimeMBean as the root.
For more help, use help(serverRuntime)

Disconnected from weblogic server: AdminServer


Start Time : 2011/4/30 - 19:13
Activation Time: 1304190828812
State: RUNNING
CPU: 1.8867924528301887%

Deploying an Application using Production Redeployment Strategy with WLST


This document provides steps for deploying applications using the Production Redeployment strategy with WebLogic Scripting Tool (WLST). Production Redeployment provides application users with 24x7, high availability access without interrupted services.

Solution

In this example we assume that we are deploying application names "survey_web.war" (attached to this note) to an Admin Server running on localhost and port 7001. The username and password will be weblogic/weblogic.
  1. Set WebLogic environment variables by running the setDomainEnv script.
     
  2. Connect to WLST offline mode using below command
    java weblogic.WLST
  3. Connect to the domain using below connect command (to go online):
    connect('weblogic','weblogic','t3://localhost:7001')
  4. Initial deployment and subsequent deployments must be accomplished by naming the deployment versions to ensure high availability and continuity of service:
    Please refer below OTN documentation for more details on options
    http://www.oracle.com/pls/as1111/lookup?id=WLSTC202

    For the first time you deploy application, deploy the application using version number in this example, we will take version number as 10-2.

    Syntax: deploy ('<application name>','<source location>', targets='<target server or cluster>', stageMode='<stage, no stage or external stage>', versionIdentifier='<application version>'
    deploy('survey_web','D:/survey_web.war', targets='AdminServer', stageMode='nostage', versionIdentifier='10-2')

    After deploying the application you can use application name with version number "survey_web (10-2)" in active state in console.
     
  5. To deploy the same application with some updates, deploy the application as below in WLST.

    Syntax: deploy('<application name>','<source location>', archiveVersion='<current version of application>', appVersion='<new version of application>')
    deploy('survey_web','D:/survey_web.war', archiveVersion='10-2', appVersion='10-3')

    The new version of application, 10-3 in this case, will be active and the older archiveVersion 10-2 will go into the retire state after deploying the application with WLST command. So you will have two versions of application: one in active state, and other in retired state.

    The version of the application in the retired state will serve all the existing requests. All new requests will be routed to version of application which is active.


How To Delete JMS Messages from a Queue with the WLST

This document describes WebLogic Scripting Tool (WLST) commands to delete messages from a JMS message queue. Sometime, you may need to delete all the messages from JMS queues. However, using the Queues > Monitoring tab in the console, you might encounter an out of memory condition. This can happen because the console tries to load the messages prior to deleting them, leading to the out of memory condition.

Solution

Run the following sequence of WLST commands, substituting your own server's information where necessary:
wls:/offline> connect('weblogic','welcome1','t3://localhost:7001')

wls:/WLST_domain/serverConfig> serverRuntime()wls:/WLST_domain/serverRuntime> cd('JMSRuntime/AdminServer.jms/JMSServers/JMSServer-0/Destinations/SystemModule-0!Queue-0')wls:/WLST_domain/serverRuntime/JMSRuntime/AdminServer.jms/JMSServers/JMSServer-0/Destinations/SystemModule-0!Queue-0> ls()wls:/WLST_domain/serverRuntime/JMSRuntime/AdminServer.jms/JMSServers/JMSServer-0/Destinations/SystemModule-0!Queue-0> cmo.deleteMessages('')

WLST Script to Get WebLogic Server Patch Levels

Configuring


Make sure the user provided in the script can be authenticated in the domain where the script is run.

Instructions


  1. Save the script given as patchingLevel.py.
  2. Modify the parameters for the user and the connection string to the Admin Server.
  3. Set the domain environment using the script <domain_home>/bin/setDomainEnv.sh.
  4. Run the script as follows:
    $ java weblogic.WLST patchingLevel.py

Caution


This sample code is provided for educational purposes only, and is not supported by Oracle Support. It has been tested internally, however, we do not guarantee that it will work for you. Ensure that you run it in your test environment before using.

Script

username = 'admin-username'
password = 'admin-password'
connect(username,password, 'wls-hostname:wls-port')
print version
print "\n"
disconnect()
exit()

How to Access PendingRestartSystemResources in ServerRuntime View via WLST

English: The logo of Oracle Corporation de:Bil...
English: The logo of Oracle Corporation de:Bild:Oracle-Logo.svg he:תמונה:Oracle Logo.jpg (Photo credit: Wikipedia)
When a WLST script is using an attribute “PendingRestartSystemResources” on the ServerRuntime to determine what need to restart automatically (i.e. what shows under the Changes and Restarts Checklist tab), it's observed through WLST that the attribute is either not exposed with 10.3.1 or moved somewhere else. In what circumstances is the “PendingRestartSystemResources” attribute accessible?  How can we make sure that this attribute is never missing from the “serverRuntime()” view?  First lets take a look at the WLST attribute dump snippets from serverRuntime() below:


FROM WLS 10.3.0 (working domain)
-r-- MANReplicationRuntime null
-r-- Name AdminServer
-r-- OpenSocketsCurrentCount 1
-rw- Parent null
-r-- PathServiceRuntime null
-r-- PendingRestartSystemResources null
-r-- RestartRequired false
-r-- RestartsTotalCount 0
-r-- SSLListenAddress null
-r-- SSLListenPort 7002
-r-- SSLListenPortEnabled false

FROM WLS 10.3.1 (Not Working Domain)
-r-- MANReplicationRuntime null
-r-- Name AdminServer
-r-- OpenSocketsCurrentCount 1
-r-- OracleHome C:\Oracle\Middleware
-rw- Parent null
-r-- PathServiceRuntime null
-r-- RestartRequired false
-r-- RestartsTotalCount 0
-r-- SSLListenAddress null
-r-- SSLListenPort 7002

Solution

"PendingRestartSystemResources" attribute has always been excluded in the API documentation.

WLST excludes such attributes from its list of displayed attributes but a couple of options are available:

1) This attribute should be available from a JMX Client (like JConsole) if the user wants to write his or her own JMXClient to retrieve it.
2) WLST has a hidden/unpublished option to set a parameter in the context. The parameter is called "showExcluded'

So, to view "PendingRestartSystemResources" in the serverRuntime() view, after connecting to the server, just execute the showExcluded() command. Then ls() should list all the excluded attributes, which will include "PendingRestartSystemResources".

How to rotate Oracle WebLogic Server logs to avoid large files using WLST

By default, when WebLogic Server instances are started in development mode, the server automatically renames (rotates) its local server log file as SERVER_NAME.log.n.  For the remainder of the server session, log messages accumulate in SERVER_NAME.log until the file grows to a size of 500 kilobytes.

Each time the server log file reaches this size, the server renames the log file and creates a new SERVER_NAME.log to store new messages. By default, the rotated log files are numbered in order of creation filenamennnnn, where filename is the name configured for the log file. You can configure a server instance to include a time and date stamp in the file name of rotated log files; for example, server-name-%yyyy%-%mm%-%dd%-%hh%-%mm%.log.



By default, when server instances are started in production mode, the server rotates its server log file whenever the file grows to 5000 kilobytes in size. It does not rotate the local server log file when the server is started. For more information about changing the mode in which a server starts, see Change to production mode” in the Administration Console Online Help.

You can change these default settings for log file rotation. For example, you can change the file size at which the server rotates the log file or you can configure a server to rotate log files based on a time interval. You can also specify the maximum number of rotated files that can accumulate. After the number of log files reaches this number, subsequent file rotations delete the oldest log file and create a new log file with the latest suffix.


Note: WebLogic Server sets a threshold size limit of 500 MB before it forces a hard rotation to prevent excessive log file growth.

Customizing Oracle WebLogic Server (WLS) Domain Template Log File Settings with WLST Fails

When using the WebLogic Server Scripting Too (WLST) to modify a domain template and customize the log file settings, some changes do not get saved. For example, this option is not saved when configured as true.

newLog.setRotateLogOnStartup(true)

After using the template to create a domain the option is being configured as false.

Cause

It appears that when using production mode, the default for the rotate logs on start-up option is false; but WLST does not recognize this, and will not allow the option to be enabled.

WLST defaults to development mode and will not set options that are standard defaults when in development mode.

Solution


The WLST application is designed to use the development defaults when using offline mode to create domains and will not update the config.xml with entries that are considered the default values.

After the domain has been created, then WLST can use online mode to make changes and it will use the values that exist or are set at that time.

1. Create the domain using the default parameters.

2. Connect in online mode to the newly created domain and modify the parameters that need to be configured for production mode.


Note:This document will apply to any parameter that is set using WLST in offline mode. If the parameter has a default for development mode this will be the default used with offline mode and the parameter can only be changed in online mode.

The documentation for each parameter will usually cover the default values for development and production modes.

Oracle Weblogic Server : How to Disable the Exception Stack Trace in a WLST Script

This document describes how to disable an exception stack trace from writing out to the screen from a WebLogic Scripting Tool (WLST) Python script file. A small demonstration is provided to show how the parameter works.
A Python script file, with try/catch code implemented, will display a stack trace to the screen when the script is executed with WLST.


Here is an example. The abc.py script file is using an invalid password:

try:
  connect('weblogic','invalid_password','t3://localhost:7001')
   print "Successfully connected"
except:
  print "Error while trying to connect!!!"
exit()
Execute the script file as follows, and observe the output shown:

/WLS/bea1030/wlserver_10.3/common/bin>wlst.sh abc.py
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to t3://localhost:7001 with userid weblogic ...
This Exception occurred at Fri Apr 22 05:34:13 IST 2011.
javax.naming.AuthenticationException [Root exception is java.lang.SecurityExcept
ion: User: weblogic, failed to be authenticated.]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(Exceptio
nTranslator.java:42)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLIni
tialContextFactoryDelegate.java:783)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialCo
ntextFactoryDelegate.java:677)
.
.
.
.
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:473)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.jav
a:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Error while trying to connect!!!

Exiting WebLogic Scripting Tool.

Solution

To resolve the issue, use the following script which redirects the stack trace to a temp file and then deletes the temp file in the end:

import tempfile
import os
wlstOut = tempfile.mktemp(suffix="_wlst.txt")
redirect(wlstOut,"false")
try:
   connect('weblogic','weblogic','t3://localhost:7001')
   stopRedirect()
   print "Successfully connected"
except:
   stopRedirect()
   print "Error while trying to connect!!!"
os.remove(wlstOut)
exit()
Thus running the script now will give following output (excluding the stack trace for the exception), which is the goal:
/WLS/bea1030/wlserver_10.3/common/bin>wlst.sh abc.py

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to t3://localhost:7001 with userid weblogic ...

Error while trying to connect!!!

Exiting WebLogic Scripting Tool.

How to Change Oracle Weblogic Server User Password Using WLST

1. Setting environment variable
    a. go to directory $WLS_HOME/wlserver_10.3/server/bin
    b. source file setWLSEnv.sh  as command: . setWLSEnv.sh .

My Configurations

1. Create a domain which name is test1032,
2. Weblogic admin user name is weblogic, password is weblogic1.
3. Create test user, which name is test and password is weblogic1.



Instructions

$java weblogic.WLST changepw.py <Domain Name> <Admin URI> <Admin user> <Admin password> <user name> <user password>

<Domain Name> : the domain name which need to change user password. e.g. test1032
<Admin URI>   : weblogic server adminstration URL, e.g. t3://localhost:7001
<Admin user>  : weblogic admin user, e.g. weblogic
<Admin password>  : admin user password, e.g. weblogic1
<user name>       : the user who need to change password. e.g. test
<user password>   : new user password. .e.g welcome1


Script

1. create file named /home/zsy/changepw.py which contents as below:

if len(sys.argv) != 7:
print 'Usage: java weblogic.WLST changepw.py <Domain Name> <Admin URI> <Admin user> <Admin password> <user name> <user password> '
sys.exit(1)

DomainName = sys.argv[1]
ADMINUrl = sys.argv[2]
ADMINuser = sys.argv[3]
ADMINPwd = sys.argv[4]
UserToChange = sys.argv[5]
NewUserPassword=sys.argv[6]

print "DomainName: %s" % (DomainName)
print "ADMINUrl: %s" % (ADMINUrl)
print "ADMINuser: %s" % (ADMINuser)
print "AdminPassword: %s" % (ADMINPwd)
print "UserToChange: %s" % (UserToChange)
print "NewUserPassword: %s" % (NewUserPassword)


print ' ---- Connecting to domain with user: '+ADMINuser+' ------- '
print ' '
connect(ADMINuser,ADMINPwd,ADMINUrl)
cd('/SecurityConfiguration/'+DomainName+'/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator')
print 'Changing password for user: '+UserToChange
cmo.resetUserPassword(UserToChange,NewUserPassword)

print ' ---- Password for User: '+UserToChange+' changed Successfully --- '
print ' '
disconnect()
print ' '

disconnect()

2. The command to run above script, e.g. change password from weblogic1 to weblogic
java weblogic.WLST changepw.py test1032 t3://localhost:7001 weblogic weblogic1 test welcome1

Sample Output

$ java weblogic.WLST changepw.py test1032 t3://localhost:7001 weblogic weblogic1 test welcome1

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

DomainName: test1032
ADMINUrl: t3://localhost:7001
ADMINuser: weblogic
AdminPassword: weblogic1
UserToChange: test
NewUserPassword: welcome1
---- Connecting to domain with user: weblogic -------

Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'test1032'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

Changing password for user: test
---- Password for User: test changed Successfully ---

Disconnected from weblogic server: AdminServer


You will need to be connected to a running server to execute this command


HTTP 500 Errors From WLS Within the Apache Proxy Log for a HTTP Proxy Service


Using Oracle Service Bus user faces HTTP 500 internal server errors intermittently in access.log for OSB http proxy requests.

By enabling pipeline debug getting the following exceptions :
<[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1294866198373> error handler
com.bea.wli.sb.pipeline.PipelineException: OSB Assign action failed updating variable "body": Could not load the translet class 'transformXMLtoICONHTML'.
at stages.transform.runtime.AssignRuntimeStep.processMessage(AssignRuntimeStep.java:66)

Cause

This issue is caused by a known apache XLSTC issue. For details see https://issues.apache.org/jira/browse/XALANJ-1549 .


Solution


To fix this, use another xslt library by using the standard system property i.e.

javax.xml.transform.TransformerFactory.

For example, to use the weblogic implementation, you can specify this as a system property in setdomainenv script:
-Djavax.xml.transform.TransformerFactory=weblogic.apache.xalan.processor.TransformerFactoryImpl

Oracle WebLogic Server - Apache Proxy log Throws READ_ERROR_FROM_FILE


There are reports of requests failing and the Apache Proxy log throwing "READ_ERROR_FROM_FILE" and "Cannot read 0 bytes of postData from tmp file" exceptions in WebLogic Server.
Below is the exception in Apache proxy logs at the time of the issue:
READ_ERROR_FROM_FILE [os error=0, line 144 of ap_proxy.cpp]: Cannot read 0 bytes of postData from tmp file '/tmp/_wl_proxy/_post_916_xxx

Cause

The problem is related to network latency and file caching. When the POST data in a request is greater than 2048 bytes and when FileCaching is set to ON, the POST data is first read into a temporary file on disk and then forwarded to the WebLogic Server in chunks of 8192 bytes.

Solution

To resolve this issue disable File Caching on the Apache web server.
To disable File Caching, in the Apache configuration under <IfModule mod_weblogic.c>, add the setting below:
FileCaching OFF

CONNECTION_REFUSED when accessing WLS via Apache plugin on Linux


You have successfully installed the Apache 2.2 proxy plugin on your WebLogic Server, but you cannot connect to the WLS servers via the proxy. Errors similar to the following are seen in the proxy log file:
Tue Mar 6 20:19:43 2012 <1959713310867732> INFO: New NON-SSL URL
Tue Mar 6 20:19:43 2012 <1959713310867732> Connect returns -1, and error no set to 13, msg 'Permission denied'
Tue Mar 6 20:19:43 2012 <1959713310867732> Error connecting to host 123.123.123.123:7010
Tue Mar 6 20:19:43 2012 <1959713310867732> *******Exception type [CONNECTION_REFUSED] (Error connecting to host 123.123.123.123:7020 errno = 13) raised at line 1723 of ../nsapi/URL.cpp

Cause

Error 13 (Permission denied) is a low-level OS error. Outbound TCP connections are required for the proxy to work, but Apache was unable to achieve such connections. There are two possible root causes:
  1. There is a firewall between the WLS servers and the proxy host which is filtering connections to the WLS servers. You can test this by running a simple telnet command on the Apache box to any WLS server:
    telnet 123.123.123.123 7010
    Replace 123.123.123.123 and 7010 with the actual IP address and port of your WLS Admin Server.

Apache plugin got error: could not resolve hostname

When using proxy plugin, it can not send request to backend server and shows error:
No backend server available for connection: timed out after 10 seconds or idempotent set to OFF

 Check plugin log, it shows error:

Mon Oct 15 19:39:21 2012 <610013502903531> parseJVMID: Parsing JVMID '2032779470!ede-dev-app!7813!7713'
Mon Oct 15 19:39:21 2012 <610013502903531> parseJVMID: Actually parsing '2032779470!ede-dev-app!7813!7713'
Mon Oct 15 19:39:21 2012 <610013502903531> parseJVMID: could not resolve hostname 'ede-dev-app'. Returning NULL from parseJVMID
Mon Oct 15 19:39:21 2012 <610013502903531> ### Got a new Server List of length 0 ###
Mon Oct 15 19:39:21 2012 <610013502903531> canRecycle: conn=1 status=200 isKA=1 clen=356 isCTE=0
Mon Oct 15 19:39:21 2012 <610013502903531> closeConn: pooling for '10.136.140.21/7813'
Mon Oct 15 19:39:21 2012 <610013502903531> closeConn: cannot recycle connection to '10.136.140.21/7813', no matching entry in list!

In config.xml, it defines listen address as DNSname, like:

 <server>
   <name>maKa0201</name>
   .......
   <machine>ede-dev-app</machine>
   <listen-port>7813</listen-port>
   <cluster>caKa02</cluster>
    ......
   <listen-address>ede-dev-app</listen-address>
    .......
 </server>
 Or it defines cluster address as comma-separated list of DNS names of the cluster members, like:

Apache Cannot Connect to WebLogic Server with SSL Communication


Trying to configure Apache web servers in front of a cluster WLS server, but can't get the Apache working with SSL communication. In the wl_proxy log it shows:

Fri Nov 19 18:10:29 2010 <3058212901614292> *******Exception type [READ_ERROR_FROM_SERVER] (socket read failure) raised at line 251 of ../nsapi/Reader.cpp
Fri Nov 19 18:10:29 2010 <3058212901614292> caught exception in readStatus: READ_ERROR_FROM_SERVER [os error=104, line 251 of ../nsapi/Reader.cpp]: socket read failure at line 963
Fri Nov 19 18:10:29 2010 <3058212901614292> PROTOCOL_ERROR: Backend Server not responding - isRecycled:0
Fri Nov 19 18:10:29 2010 <3058212901614292> Marking aaa.bb.cc.ddd:7102 as bad
Fri Nov 19 18:10:29 2010 <3058212901614292> got exception in sendRequest phase: Backend Server not responding at line 3702
Fri Nov 19 18:10:29 2010 <3058212901614292> Failing over after sendRequest() exception: PROTOCOL_ERROR as Idempotent is set to ON
Fri Nov 19 18:10:29 2010 <3058212901614292> attempt #2 out of a max of 5
Fri Nov 19 18:10:29 2010 <3058212901614292> general list: trying connect to 'aaa.bb.cc.ddd'/7102/7102 at line 3188 for '/GiftCard_106_UAT/'
Fri Nov 19 18:10:29 2010 <3058212901614292> SSL is not configured for this connection
Fri Nov 19 18:10:29 2010 <3058212901614292> Local Port of the socket is 35895
Fri Nov 19 18:10:29 2010 <3058212901614292> Remote Host aaa.bb.cc.ddd Remote Port 7102
Fri Nov 19 18:10:29 2010 <3058212901614292> URL::connect SSLConn for reader is not set as it is NULL

Cause

The SSL configuration is wrong. You need to add the needed SSL libraries to LD_LIBRARY_PATH into the file /etc/profile. For example, add the following lines at the bottom. You may already have the LD_LIBRARY_PATH variable defined. If so, simply add this path to it.

For instance:
LD_LIBRARY_PATH=/usr/lib/httpd/modules/
export LD_LIBRARY_PATH

Solution

The SSL libraries are missing in LD_LIBRARY_PATH. LD_LIBRARY_PATH MUST be set and MUST have a pointer to the directory where the SSL .so modules are.



Issues about KeepAlive between Apache Plug-In and WebLogic Server


Sometime after WebLogic Server is running for a while, the network administrator will see there are many connections staying in FIN_WAIT2 state on the WLS side and CLOSE_WAIT state on the Apache side.
Customer environment includes 50+ WLS instances and several Apache servers, as well as some F5 load balancers between WLS and Apache.
The Apache httpd.conf include the following lines:

...
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 30
...
<IfModule mod_weblogic.c>
WebLogicHost aa.b.c.ddd
WebLogicPort 80
MatchExpression *
KeepAliveEnabled ON
KeepAliveSecs 30
</IfModule>

Oracle Weblogic Server: Configure Apache With SSL Certificates To Forward Requests To WebLogic Server Environment


This article provides detailed steps to configure Apache with SSL in a WLS environment.
This process will successfully setup SSL communication between the client (browser) and the Apache Web Server as well as SSL (https) communication between the Apache Web Server and the WebLogic Server.
At a high level, the following steps are implemented:
  1. Create a valid certificate from Verisign.
  2. Configure Apache plugin to use SSL using the new certificate.
  3. Configure WLS to use the new certificate.
  4. Test SSL proxy request to WLS.

Solution

Apache configuration

  1. Install Apache 2.2.
  2. Include the following in httpd.conf file:
    LoadModule weblogic_module modules/mod_wl_22.so
    Note that this filename is different in different versions of the WebLogic plug-in: change the filename as needed for your version.
  3. Copy the mod_wl_22.so from the folder: <WebLogic_Home>\server\plugin\win\32 to <Apache_Home>\modules. Note that this filename is different in different versions of the WebLogic plug-in: change the filename as needed for your version.
  4. Uncomment LoadModule ssl_module modules/mod_ssl.so in httpd.conf
  5. Uncomment include conf/extra/httpd-ssl.conf in httpd.conf.
  6. Now run the following commands in apache:
    set OPENSSL_CONF=F:\apache2.2\conf\openssl.cnf
    > />openssl genrsa -des3 -out localhost.key 1024
    Enter pass phrase:
    > />openssl req -new -key localhost.key -out localhost.csr> />> />
    It will generate the CSR file. Place the CSR file in a particular folder.

Oracle Weblogic Server: Apache 2.4 Crash When WLS Plugin 12c Is Loaded

As soon as the weblogic 12c plugin is loaded (using LoadModule weblogic_module /opt/apache/wl_12c_plugin/lib/mod_wl_24.so), Apache throws a core dump on startup.
With the equivalent configuration (and switching to mod_wl.so), Apache 2.2.x works ok.

In order to determine the cause of the crash, run a debugger such as dbx or gdb on the core file.



The following shows the commands to be executed for dbx 


(dbx) threads ("shows the state of the existing threads")
o>    t@1  a  l@1   ?()   signal SIGSEGV in  strcmp()
(dbx) where -l ("shows a summary of the stack including the library name with function name")

current thread: t@1
=>[1] libc.so.1:strcmp(0x100319048, 0x44000000, 0xbc319048, 0x2f73746174696300, 0x8080808080808080, 0x101010101010101), at 0xffffffff7d63c130
[2] mod_wl_24.so:cmd_Excludes(0xffffffff7ffff640, 0x100313028, 0x100319048, 0x100313028, 0x12b644, 0xffffffff7cc8d638), at 0xffffffff7cc64270
[3] httpd:invoke_cmd(0xffffffff7cd9a4c0, 0xffffffff7ffff640, 0x1002cd568, 0x0, 0xffffffff7cd9a4c0, 0xa030), at 0x100058284
[4] httpd:ap_walk_config_sub(0xffffffff7cd99c10, 0xffffffff7ffff640, 0x10029db28, 0x1002cbdf0, 0x1002cd568, 0x0), at 0x1000590a8
[5] httpd:ap_process_config_tree(0x10028afd8, 0x1002cf940, 0x1002577e8, 0x10028bbc8, 0x230, 0xffffffff7e824e40), at 0x10005a4bc
[6] httpd:main(0x1002577e8, 0x1002558c8, 0x9de8, 0x100248878, 0x100248850, 0x6), at 0x100032158
(dbx) dis strcmp
dbx: warning: unknown language, 'c' assumed
0xffffffff7d63c060: strcmp       :      subcc    %o0, %o1, %o2
0xffffffff7d63c064: strcmp+0x0004:      be,pn    %xcc,strcmp+0xf4       ! 0xffffffff7d63c154
0xffffffff7d63c068: strcmp+0x0008:      sethi    %hi(0x1010000), %o5
0xffffffff7d63c06c: strcmp+0x000c:      andcc    %o0, 7, %o3
0xffffffff7d63c070: strcmp+0x0010:      bset     257, %o5
0xffffffff7d63c074: strcmp+0x0014:      be,pn    %xcc,strcmp+0x44       ! 0xffffffff7d63c0a4
0xffffffff7d63c078: strcmp+0x0018:      sllx     %o5, 32, %o4
0xffffffff7d63c07c: strcmp+0x001c:      dec      8, %o3
0xffffffff7d63c080: strcmp+0x0020:      ldub     [%o1 + %o2], %o0
0xffffffff7d63c084: strcmp+0x0024:      ldub     [%o1], %g1
(dbx) frame 1
0xffffffff7d63c130: strcmp+0x00d0:      ldx      [%o1], %g1
(dbx) regs
current thread: t@1
current frame:  [1]
g0-g1    0x0000000000000000 0xffffffff7d63c060
g2-g3    0x0000000100313028 0x000000000000b350
g4-g5    0x000000000000b000 0x00000000829c3c00
g6-g7    0x0000000000000000 0xffffffff7da00200
o0-o1    0x0000000100319048 0x0000000044000000
o2-o3    0x00000000bc319048 0x2f73746174696300
o4-o5    0x8080808080808080 0x0101010101010101
o6-o7    0xffffffff7fffe921 0xffffffff7cc64270
l0-l1    0x0000000000000000 0xffffffff7cd8f7c8
l2-l3    0x0000000100319050 0x0000000000000010
l4-l5    0x0000000000000020 0xffffffff7cd99c10
l6-l7    0x0000000000004608 0x000000010022c770
i0-i1    0xffffffff7ffff640 0x0000000100313028
i2-i3    0x0000000100319048 0x0000000100313028
i4-i5    0x000000000012b644 0xffffffff7cc8d638
i6-i7    0xffffffff7fffe9d1 0x0000000100058284
y        0x0000000000000000
ccr      0x0000000000000044
pc       0xffffffff7d63c130:strcmp+0xd0    ldx      [%o1], %g1
npc      0xffffffff7d63c134:strcmp+0xd4    cmp      %o3, %g1


Oracle Weblogic Server: Key WLST Node Manager Commands

The Node Manager helps you remotely control WebLogic Server instances. WLST Node Manager commands help you access the Node Manager features. Following are examples that explain how to use the most important WLST Node Manager commands, from a day-to-day operational standpoint.

Connect to Node Manager

Assuming the Node Manager is already running (for example, started from the Windows service), you need to connect to the Node Manager using the nmConnect command before you run any of the Node Manager WLST commands. Note that you must specify a domain name (wl_server in this example) when you connect to the Node Manager.

cd C:\MyOra\Middleware\wlserver_10.3\common\bin
C:\MyOra\Middleware\wlserver_10.3\common\bin>wlst.cmd

wls:/offline> nmConnect('weblogic', 'welcome1', 'localhost', '5556', 'wl_server',
'C:\MyOra\Middleware\wlserver_10.3\samples\domains\wl_server','ssl')
Successfully Connected to Node Manager.

Note that in a production environment, you must first execute the nmEntroll command to enroll the machine on which the Node Manager is running before executing the nmConnect command to connect to the Node Manager. By executing the nmEnroll command, you ensure that the Node Manager credentials are available to the Managed Servers that the Node Manager manages. You run the nmEnroll command only once on each machine in a WebLogic domain.

Oracle Weblogic Server: Stopping the Node Manager

The simplest way to shut down the Node Manager is to just close the command shell in which it runs. You can also invoke the WLST stopNodeManager command in the online or offline mode. The command stops a running Node Manager process. This will not work with the scripted version of Node Manager, though.

cd C:\MyOra\Middleware\wlserver_10.3\common\bin
wlst.cmd
wls:/offline> nmConnect('weblogic', 'welcome1', 'localhost', '5556', 'wl_server',
'C:\MyOra\Middleware\wlserver_10.3\samples\domains\wl_server','ssl')
wls:/nm/wl_server> stopNodeManager()

If you try to shut down the Node Manager with the stopNodeManager command when you haven't started the Node Manager with the startNodeManager command, you'll get the following error:

wls:/nm/wl_server> stopNodeManager()
Traceback (innermost last):
...
weblogic.management.scripting.ScriptException: weblogic.management.scripting.ScriptException:
Error occured while performing startNodeManager : Problem stopping
the Node Manager. : Disabled command: QUIT
Use dumpStack() to view the full stacktrace

However, you can successfully stop the Node Manager process, even if you haven't started the Node Manager with the startNodeManager command, provided you've specified the property QuitEnabled=true when starting the Node Manager. You can specify the QuitEnabled property in the nodemanager.properties file. Once you do this, you can start the Node Manager as a Windows service and stop the service remotely via WLST.

Oracle Weblogic Server: Exploring the Installation Directories

We have two major home directories—Oracle Middleware Home and Oracle WebLogic Server Home. The Oracle Middleware Home directory is where all the WebLogic Server and other middleware product files are located—it's the top-level directory for all Oracle Fusion Middleware products, including the Oracle WebLogic Server. See Middleware Home Directory as below



DirectoryContents
/coherence_3.6Home Directory for Oracle Coherence
/jdk160_21Directory for the default Sun JDK
/jrockit_160_22_D1.1.1-3Directory for the JRockit JDK
/logsLocation for various log files, including those for WLST
/modulesLocation for modules such as Apache Ant
/oepe_11gR1PS3Files related to Oracle Enterprise Package for Eclipse
/user_projectsStandard location for domains
/utilsVarious utilities such as cloning scripts and QuickStart
/wl_server_10.3WebLogic Server Home directory

WebLogic Server Home
The WebLogic Server home is simply the directory where I installed WebLogic Server, and by default it's located in the MW_HOME\wlserver_10.3 directory. You refer to this home as the WL_HOME directory, distinguished from the Oracle Middleware Home directory, which in my example is C:\MyOra\Middleware. Thus, the complete path of the WebLogic Server home is C:\ MyOra\Middleware\wlserver_10.3.
Under the WebLogic Server Home (WL_HOME), you'll find the following directory structure:
art /bugsfixed
art /common
art /inventory
art /samples
art /server
art /sip
art /uninstall
The bin directory under the WL_HOME server directory contains the startNodeManager script to start up the Node Manager. Under the /samples directory you'll find the default domains installed by the Oracle Installer with the help of the WebLogic Server Configuration Wizard when you chose to install the examples during the installation process. There are three such domains, all located under the /samples directory. The domains are actually in the WL_HOME/samples/ domains directory. When you open this directory, you'll find three domain directories, one for each of the domains the installer creates for you. These are the medrec, medrec-spring, and wl_ server domains. The next section explores the contents of these domain directories, all of which have the same structure.
WebLogic Server Domain Directory
Each domain that you create will have the following directory structure:
art /bin
art /config
art /console-ext
art /init-info
art /lib
art /nodemanager
art /security
art /servers
Under the /bin directory of each domain is where you'll find the various scripts to start and stop the Admin and Managed Servers, such as startWebLogic.cmd and stopWebLogic.cmd. Note that UNIX versions of these scripts are also located in this directory.The all-important domain configuration file, config.xml, is stored in the /config directory.