3 Known Issues and Workarounds

This chapter describes the issues associated with Oracle Platform Security Services.

Node Manager Fails to Start After Configuring Oracle User Messaging Service and Oracle HTTP Server

Issue

Impacted Platform: Generic

In a cluster environment, the node manager may fail to start if you have configured Oracle User Messaging Service (UMS) and Oracle HTTP Server in a domain with Oracle Real Application Clusters (RAC) multi data sources.

Workaround

In a clustered environment with RAC setup, you may have to increase the maximum number of connections allowed on the database server. Set this value to the sum of the maximum number of connections per data source for each WebLogic Server. For example, when Oracle RAC is used with three nodes (two WebLogic Servers with three Oracle RAC data sources), set the maximum number of connections to 600 (2 x 3 x 100).

Messages Metrics Rendered as Unavailable in the Performance Page for User Messaging Server

Issue

Impacted Platform: Generic

When no metric data is found (for example, when no messages are sent or received after server setup), the Metrics Performance page displays Unavailable. This is not a problem with the software, and the Performance reporting is operating properly. As soon as Send and Receive traffic exists, the Performance page displays results normally. The UMS server home page may also display the message counts (in the Statistics section) as Unavailable.

Workaround

No workaround available.

User Messaging Service URLs Unavailable After Restart

Issue

Impacted Platform: Generic

Upon restarting the User Messaging Service server (usermessagingserver) from Oracle Enterprise Manager Fusion Middleware Control or through Oracle WebLogic Console, you may receive the error "Error 503--Service Unavailable" when attempting to access any URLs served by the User Messaging Service server, such as the User Preferences UI (/sdpmessaging/userprefs-ui) or the various Web Services endpoints. This error occurs intermittently when the Oracle WebLogic Server is heavily loaded (such as with a SOA instance).

Workaround

  • Restart the User Messaging Service server again (two or more restarts may be required).

  • If multiple User Messaging Service server restarts are not sufficient, then restart the entire Oracle WebLogic Server instance.

Exceptions Occur While Registering Multiple Drivers and Access Points

Issue

Impacted Platform: Generic

Access Points are registered in a new transaction, meaning that if the client application registers Access Points in a transaction that is rolled back, the Access Points are still stored.

Workaround

If the Access Points must be removed, deregister the Application as described in 5.1.2 Deregistering Messaging Client Applications in Administering Oracle User Messaging Service.

User Messaging Service schema does not have connect button in the Upgrade Assistant

Issue

Impacted Platform: Generic

While upgrading the UMS schema using Oracle Fusion Middleware Upgrade Assistant, if the Individually Selected Schemas option is chosen, the connect button that is used to obtain connection to the database and the drop-down list that is used to populate the available UMS schema names will not be present. 

Workaround

Manually enter the value for schema name.

Message resend from EM Message Status page failed

Issue – Resend for deployment with unclustered managed servers

Impacted Platform: Generic

In a domain with UMS deployed in multiple unclustered managed servers, the Message Status page in EM for one UMS server can display messages sent through another server in the domain. Resending a message that was originally sent from another server will result in a resend failure. A resend operation must be attempted from the same server through which the message was originally intended to be sent.

Workaround

To resend the message through another server, navigate to the Message Status page of the right UMS server target in the domain and resend. For example, in a domain with two managed servers (a_ums_server and b_ums_server), perform the following steps for a proper resend:

  1. Select target "usermessagingserver (a_ums_server)" from the left navigation tree, and click the Message Status menu item. The page displays all messages in the message status table, based on the default search criteria.

  2. Click a message in the table and view the Message Details of the message to determine the UMS server used for the original send of the message.

    For instance, if the value of the Engine parameter for the selected message is "/unclustered_base_domain/base_domain/b_ums_server/usermessagingserver", the current target server (a_ums_server) does not match the server in the Engine parameter (b_ums_server). Clicking the Resend button for this selected message results in the following error:

    Invalid server selected for resend message operation.

  3. To resend this message, navigate to the "usermessagingserver(b_ums_server)" in the left navigation tree. Click the message, verify that the target name and server name in the Engine details match, and click Resend.

Issue – Resend for deployment with multiple clusters

Impacted Platforms: N/A

In a domain with UMS deployed in multiple clusters, the Message Status page in EM for one UMS server (belonging to a cluster) can display messages sent through another server in the domain. Resending a message that was originally sent from another server (belonging to a different cluster) will result in a resend failure. A resend operation must be attempted from the same cluster through which the message was originally intended to be sent. To resend the message through another cluster, navigate to the Message Status page of the right UMS server target (one of the UMS servers in the right cluster) in the domain and resend.

Workaround

For example, in a domain with two clusters (a_ums_cluster and b_ums_cluster) with each cluster containing two managed servers (a_ums_cluster with a_ums_server1 and a_ums_server2, b_ums_cluster with b_ums_server1 and b_ums_server2), perform the following steps for a proper resend:

  1. Select target "usermessagingserver (a_ums_server1)" from the left navigation tree and click the Message Status menu item. The page displays all messages in the message status table based on the default search criteria.

  2. Click a message in the table, and view the Message Details section of the message to determine the UMS server used for the original send of the message.

    In this example, the value of the Engine parameter for the selected message is "/cluster_base_domain/base_domain/b_ums_server1/usermessagingserver".

    Since the target server (a_ums_server1) and the server in the Engine parameter (b_ums_server1) do not belong to the same cluster, clicking the Resend button for this selected message will result in the following error:

    Invalid server selected for resend message operation

  3. To resend this message, navigate to the "usermessagingserver (b_ums_server1)" in the left navigation tree, click the message, verify that the target name and server name in the Engine details match (or are in the same cluster), and click Resend.

WLST command manageUserCommunicationPrefs has changed

Issue

Impacted Platform: Generic

The function of WebLogic Scripting Tool (WLST) command manageUserCommunicationPrefs has changed. The WLST command no longer connects to the managed server during command execution. The WLST command now reuses the MBeanServer connection to connect to the managed server. Due to this, the connecting URL, username, and password are deleted from all variants of the manageUserCommunicationPrefs command.

Configuration Issues and Workarounds

This section describes the configuration issues and their workarounds.

Use Correct SSL Trust Store When Configuring Drivers

Issue

Impacted Platform: Generic

Before configuring any User Messaging Service Driver (such as the Email Driver) to connect to a remote gateway using SSL, ensure that the SSL Trust Store is properly configured. For more information, see Oracle WebLogic Remote Console Online Help.

Ensure that the value of the JVM system property (javax.net.ssl.trustStore), if set in $DOMAIN_HOME/bin/setDomainEnv.sh (or Windows equivalent file), points to the correct trust store that you want to use. The Java Standard Trust Store is located at:

$JAVA_HOME/jre/lib/security/cacerts or $BEA_JAVA_HOME/jre/lib/security/cacerts

With the default out-of-the-box configuration of the SSL trust store (the Java Standard Trust Store), the UMS driver will be able to connect to the Oracle Beehive Email Server over SSL. Note that in some installations, for example when you have SOA installed, the Java Standard Trust Store is replaced by a Demo Trust Store. In such situations, the Trust Store may not contain the valid root certificate needed by Oracle Beehive Email Server.

Workaround

To resolve this issue, follow the instructions for using the correct SSL trust store. Replacing the DemoTrustkeystore in the setDomainEnv.sh file (or Windows equivalent file) with the Java Standard SSL trust store enables the UMS email driver to connect successfully over SSL to the Oracle Beehive Email Server.
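One way to check which trust store a domain's setDomainEnv.sh selects before configuring a driver. This is an added example, not Oracle code: the function names and the sample lines are constructed, and it assumes the property is passed as -Djavax.net.ssl.trustStore=<path>.

```bash
#!/bin/sh
# Added example (not Oracle code): report which trust store setDomainEnv.sh selects.
# Assumption: the property is passed as -Djavax.net.ssl.trustStore=<path>.

# Read setDomainEnv.sh on stdin and print the value of the last uncommented
# -Djavax.net.ssl.trustStore occurrence (empty output if the property is not set).
trust_store_setting() {
    grep -v '^[[:space:]]*#' |
        grep -o -e '-Djavax\.net\.ssl\.trustStore=[^ "]*' |
        tail -n 1 | cut -d= -f2-
}

# Classify the setting read from stdin:
#   unset          property absent from the file
#   demo           a Demo Trust Store path (name contains "DemoTrust")
#   java-standard  a path ending in /cacerts
#   custom         anything else
classify_trust_store() {
    ts=$(trust_store_setting)
    case "$ts" in
        "")                 echo unset ;;
        *[Dd]emo[Tt]rust*)  echo demo ;;
        */cacerts)          echo java-standard ;;
        *)                  echo custom ;;
    esac
}

# Constructed sample: a commented-out cacerts line followed by a Demo Trust Store
# setting, as on an installation where the standard store was replaced.
sample_set_domain_env() {
    cat <<'EOF'
# JAVA_OPTIONS="-Djavax.net.ssl.trustStore=${JAVA_HOME}/jre/lib/security/cacerts"
EXTRA_JAVA_PROPERTIES="-Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/DemoTrust.jks -Dsample=1"
export EXTRA_JAVA_PROPERTIES
EOF
}

sample_set_domain_env | classify_trust_store    # prints: demo
```

Against a real domain, run classify_trust_store < "$DOMAIN_HOME/bin/setDomainEnv.sh". The result is a static reading of the file, so confirm it against the arguments of the running server JVM.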

WebLogic Administrator cannot update UMS configuration in Enterprise Manager

Issue

Impacted Platform: Generic

The WebLogic administrator does not have the permission to edit the User Messaging Service (UMS) configuration in the Enterprise Manager for multi-tenancy. Therefore, the add, edit, and delete buttons for the driver configuration page as well as the user preference configuration page are disabled for the WebLogic administrator.

Workaround

To edit the UMS configuration, you need to log in as a partition administrator.

Use Custom Certificate Store in WebLogic with GlobalSign Root Certificates

Issue

Impacted Platform: Generic

To connect to Google Trust Services, you must have GlobalSign root certificates, which are added to each JDK cacert by default.

Note:

This is applicable when using a custom certificate store in WebLogic for a managed server.

When WebLogic is configured with a custom trust certificate store that does not have GlobalSign root certificates, the connection to googleapis.com fails and throws the following error message:

unable to find valid certification path to requested target

Workaround

Use keytool to import the GlobalSign root certificate into the custom certificate store configured in WebLogic.

Download GlobalSign root certificates under GlobalSign Root R1 from GlobalSign.

You must verify the hostname of the managed server by ensuring the following options are enabled for the hostname verification:
  • None
  • Wildcard Hostname Verifier
Ensure the following option is disabled:
  • BEA Hostname Verifier
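
For the keytool import step in this workaround, a sketch that imports the downloaded root only when its SHA-256 fingerprint matches the value published by GlobalSign, then lists the new entry. This is an added example, not Oracle code: the function names, alias and file paths are placeholders, and it assumes keytool is on the PATH and prints the fingerprint on a line labelled "SHA256:".

```bash
#!/bin/sh
# Added example (not Oracle code): fingerprint-checked import of a root certificate
# into the custom trust store. Alias, file names and the expected fingerprint are
# placeholders supplied by the operator.

# Normalise a fingerprint: drop colons and whitespace, upper-case the hex digits.
norm_fp() { printf '%s' "$1" | tr -d ': \t\n' | tr 'a-f' 'A-F'; }

# Succeed only when the first value is 64 hex digits and equals the second.
fp_matches() {
    a=$(norm_fp "$1"); b=$(norm_fp "$2")
    case "$a" in ""|*[!0-9A-F]*) return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# SHA-256 fingerprint of a certificate file, taken from keytool -printcert output
# (assumption: the line is labelled "SHA256:").
cert_fp() { keytool -printcert -file "$1" | awk '/SHA256:/ {print $NF; exit}'; }

# import_root CERT EXPECTED_FP KEYSTORE ALIAS
# keytool prompts for the keystore password. Returns 2 if CERT is unreadable,
# 3 if the fingerprint does not match, otherwise keytool's own status.
import_root() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    fp_matches "$(cert_fp "$1")" "$2" || { echo "fingerprint mismatch for $1" >&2; return 3; }
    keytool -importcert -noprompt -trustcacerts -alias "$4" -file "$1" -keystore "$3" &&
        keytool -list -alias "$4" -keystore "$3"
}

# Usage (all values are placeholders):
#   import_root GlobalSignRootR1.crt "<SHA-256 published by GlobalSign>" \
#       /path/to/custom-trust.jks globalsign-root-r1
```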