Friday, 24 November 2017

OIM 12c Server unable to start and throws error "Issue seen during keystores generation.. Keystore was tampered with, or password was incorrect"

Environment: Windows, OIM 12.2.1.3.0

1. Topology Details :-

Topology         Status
Cluster          false
SSL              false
Upgrade Setup    false

2. System Level Details :-

SysLevelDetail     Path
JAVA_HOME          D:\Java\jdk1.8.0_151
OIM_HOME           D:/idm12c/idm/server
JDK Version        1.8.0_151
MIDDLEWARE_HOME    D:/idm12c
DB Version         Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
DOMAIN_HOME        D:/idm12c_config/iam_domain

Issue: The OIM managed server is not able to start.

Error in logs: 

(self-tuning)'] [userId: <anonymous>] [ecid: 5c15e6e0-8cf5-4cc9-b3ae-76813d10f682-0000000b,0] [APP: oim] [partition-name: DOMAIN] [tenant-name: GLOBAL] [[
Issue seen during keystores generation..
Keystore was tampered with, or password was incorrect
]]
[2017-11-22T16:30:39.237+05:30] [oim_server1] [ERROR] [] [oracle.iam.OIMPostConfigManager] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 5c15e6e0-8cf5-4cc9-b3ae-76813d10f682-0000000b,0] [APP: oim] [partition-name: DOMAIN] [tenant-name: GLOBAL] [[
Issue seen during keystores generation..
]]
[2017-11-22T16:30:39.239+05:30] [oim_server1] [ERROR] [] [oracle.iam.OIMPostConfigManager] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 5c15e6e0-8cf5-4cc9-b3ae-76813d10f682-0000000b,0] [APP: oim] [partition-name: DOMAIN] [tenant-name: GLOBAL] Exception occurred during generation of keystores.[[
java.lang.Exception: Exception occurred during generation of keystores.
                at oracle.iam.OIMPostConfigManager.config.util.EncryptConfigurationAndDB.encryptConfiguration(EncryptConfigurationAndDB.java:161)
                at oracle.iam.OIMPostConfigManager.config.OIMConfigManager.encryptConfiguration(OIMConfigManager.java:5319)
                at oracle.iam.OIMPostConfigManager.config.OIMConfigManager.executeAndRegisterTask(OIMConfigManager.java:1634)
                at oracle.iam.OIMPostConfigManager.config.OIMConfigManager.configureOIM(OIMConfigManager.java:1556)
                at oracle.iam.OIMPostConfigManager.config.OIMConfigManager.doExecute(OIMConfigManager.java:1175)
                at oracle.iam.OIMPostConfigManager.appListener.BootStrapListener.preStart(BootStrapListener.java:128)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.run(BaseLifecycleFlow.java:240)
                at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:326)
                at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197)
                at weblogic.application.internal.ApplicationContextImpl$WLSSecurityProvider.invokePrivilegedAction(ApplicationContextImpl.java:1594)
                at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:201)
                at weblogic.application.internal.flow.HeadLifecycleFlow.prepare(HeadLifecycleFlow.java:245)
                at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:729)
                at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:45)
                at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:241)
                at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:66)
                at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:158)
                at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:65)
                at weblogic.deploy.internal.targetserver.AppDeployment.prepare(AppDeployment.java:166)
                at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:41)
                at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:193)
                at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:31)
                at weblogic.management.deploy.internal.ConfiguredDeployments$2.doItem(ConfiguredDeployments.java:741)
                at weblogic.management.deploy.internal.parallel.BucketInvoker.invoke(BucketInvoker.java:138)
                at weblogic.management.deploy.internal.ConfiguredDeployments.transitionAppsParallel(ConfiguredDeployments.java:749)
                at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:363)
                at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:232)
                at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:219)
                at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:133)
                at weblogic.server.AbstractServerService.postConstruct(AbstractServerService.java:76)
                at sun.reflect.GeneratedMethodAccessor7.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.glassfish.hk2.utilities.reflection.ReflectionHelper.invoke(ReflectionHelper.java:1287)
                at org.jvnet.hk2.internal.ClazzCreator.postConstructMe(ClazzCreator.java:333)
                at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:375)
                at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:487)
                at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:305)
                at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:85)
                at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2126)
                at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:116)
                at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:698)
                at org.jvnet.hk2.internal.ThreeThirtyResolver.resolve(ThreeThirtyResolver.java:78)
                at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:212)
                at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:235)
                at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:358)
                at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:487)
                at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:305)
                at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:85)
                at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2126)
                at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:116)
                at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:90)
                at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.oneJob(CurrentTaskFuture.java:1237)
                at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.run(CurrentTaskFuture.java:1168)
                at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$UpOneLevel.run(CurrentTaskFuture.java:786)
                at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:670)
                at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352)
                at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337)
                at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57)
                at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
                at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:644)
                at weblogic.work.ExecuteThread.execute(ExecuteThread.java:415)
                at weblogic.work.ExecuteThread.run(ExecuteThread.java:355)

]]
[2017-11-22T16:30:39.334+05:30] [oim_server1] [NOTIFICATION] [] [oracle.iam.OIMPostConfigManager] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 5c15e6e0-8cf5-4cc9-b3ae-76813d10f682-0000000b,0] [APP: oim] [partition-name: DOMAIN] [tenant-name: GLOBAL] [[
[OIM_CONFIG] Configuration Encryption failed.
]]
[2017-11-22T16:30:39.335+05:30] [oim_server1] [ERROR] [] [oracle.iam.OIMPostConfigManager] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 5c15e6e0-8cf5-4cc9-b3ae-76813d10f682-0000000b,0] [APP: oim] [partition-name: DOMAIN] [tenant-name: GLOBAL] Exception[[
java.lang.Exception: Exception occured while encrypting the configuration
                at oracle.iam.OIMPostConfigManager.config.util.EncryptConfigurationAndDB.encryptConfiguration(EncryptConfigurationAndDB.java:181)
                at oracle.iam.OIMPostConfigManager.config.OIMConfigManager.encryptConfiguration(OIMConfigManager.java:5319)
                at oracle.iam.OIMPostConfigManager.config.OIMConfigManager.executeAndRegisterTask(OIMConfigManager.java:1634)
                at oracle.iam.OIMPostConfigManager.config.OIMConfigManager.configureOIM(OIMConfigManager.java:1556)
                at oracle.iam.OIMPostConfigManager.config.OIMConfigManager.doExecute(OIMConfigManager.java:1175)
                at oracle.iam.OIMPostConfigManager.appListener.BootStrapListener.preStart(BootStrapListener.java:128)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.run(BaseLifecycleFlow.java:240)
                at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:326)
                at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197)
                at weblogic.application.internal.ApplicationContextImpl$WLSSecurityProvider.invokePrivilegedAction(ApplicationContextImpl.java:1594)
                at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:201)
                at weblogic.application.internal.flow.HeadLifecycleFlow.prepare(HeadLifecycleFlow.java:245)
                at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:729)
                at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:45)
                at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:241)
                at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:66)
                at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:158)
                at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:65)
                at weblogic.deploy.internal.targetserver.AppDeployment.prepare(AppDeployment.java:166)
                at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:41)
                at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:193)
                at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:31)
                at weblogic.management.deploy.internal.ConfiguredDeployments$2.doItem(ConfiguredDeployments.java:741)
                at weblogic.management.deploy.internal.parallel.BucketInvoker.invoke(BucketInvoker.java:138)
                at weblogic.management.deploy.internal.ConfiguredDeployments.transitionAppsParallel(ConfiguredDeployments.java:749)
                at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:363)
                at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:232)
                at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:219)
                at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:133)
                at weblogic.server.AbstractServerService.postConstruct(AbstractServerService.java:76)
                at sun.reflect.GeneratedMethodAccessor7.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.glassfish.hk2.utilities.reflection.ReflectionHelper.invoke(ReflectionHelper.java:1287)
                at org.jvnet.hk2.internal.ClazzCreator.postConstructMe(ClazzCreator.java:333)
                at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:375)
                at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:487)
                at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:305)
                at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:85)
                at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2126)
                at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:116)
                at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:698)
                at org.jvnet.hk2.internal.ThreeThirtyResolver.resolve(ThreeThirtyResolver.java:78)
                at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:212)
                at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:235)
                at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:358)
                at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:487)
                at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:305)
                at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:85)
                at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2126)
                at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:116)
                at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:90)
                at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.oneJob(CurrentTaskFuture.java:1237)
                at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.run(CurrentTaskFuture.java:1168)
                at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$UpOneLevel.run(CurrentTaskFuture.java:786)
                at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:670)
                at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352)
                at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337)
                at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57)
                at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
                at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:644)
                at weblogic.work.ExecuteThread.execute(ExecuteThread.java:415)
                at weblogic.work.ExecuteThread.run(ExecuteThread.java:355)
Caused by: java.lang.Exception: Exception occurred during generation of keystores.
                at oracle.iam.OIMPostConfigManager.config.util.EncryptConfigurationAndDB.encryptConfiguration(EncryptConfigurationAndDB.java:161)

                ... 66 more

Cause: The keystore password entered during OIM configuration does not work.
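
The error text cannot distinguish a wrong password from a modified file because JKS and JCEKS keystores end with a SHA-1 digest computed over the store password, a fixed string and the file contents, and the JDK raises this message when that digest does not match. The following added example (not from the original post or from Oracle) reproduces the check offline so a candidate password can be tested against a copy of the keystore before the credential is updated; the function names are hypothetical and the sample keystore is constructed in the code.

```python
import getpass
import hashlib
import hmac
import struct
import sys

# Magic numbers of the two JDK keystore formats that share this integrity check.
MAGIC = {0xFEEDFEED: "JKS", 0xCECECECE: "JCEKS"}
WHITENER = b"Mighty Aphrodite"   # fixed string the JDK mixes into the digest
DIGEST_LEN = 20                  # SHA-1 output size


def keyed_digest(password: str, body: bytes) -> bytes:
    """SHA-1(password as UTF-16BE code units || whitener || keystore body)."""
    h = hashlib.sha1()
    h.update(password.encode("utf-16-be"))
    h.update(WHITENER)
    h.update(body)
    return h.digest()


def check_keystore(data: bytes, password: str) -> str:
    """Return 'ok', 'not-a-keystore' or 'tampered-or-wrong-password'."""
    if len(data) < 12 + DIGEST_LEN:
        return "not-a-keystore"
    magic = struct.unpack(">I", data[:4])[0]
    if magic not in MAGIC:
        return "not-a-keystore"
    body, stored = data[:-DIGEST_LEN], data[-DIGEST_LEN:]
    # One comparison covers both failure causes: a different password and a
    # changed byte anywhere in the body produce a different digest.
    if hmac.compare_digest(keyed_digest(password, body), stored):
        return "ok"
    return "tampered-or-wrong-password"


def build_empty_jks(password: str) -> bytes:
    """Constructed sample: a version-2 JKS with zero entries."""
    body = struct.pack(">III", 0xFEEDFEED, 2, 0)
    return body + keyed_digest(password, body)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Check a copy of a real keystore; the password is prompted, not echoed.
        with open(sys.argv[1], "rb") as fh:
            print(check_keystore(fh.read(), getpass.getpass("Keystore password: ")))
    else:
        sample = build_empty_jks("constructed-pass")
        print(check_keystore(sample, "constructed-pass"))
        print(check_keystore(sample, "other-pass"))
```
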




Workaround: 


Step 2: In Enterprise Manager, update the keystore credential with the value retrieved in Step 1.

Step 3: Restart the OIM managed server.

Step 4: Validate the Bootstrap Report in the OIM logs folder:
%DOMAIN_HOME%/servers/oim_server1/logs/BootStrapReportPreStart.html

BOOTSTRAP REPORT


VALIDATION DETAILS

1. Connectivity Check :-

Connection Validation Detail    Status
SOA Connectivity                Up
Admin Connectivity              Up
DB Connectivity                 Up

EXECUTION DETAILS :-

TaskName                      Status      Execution Time(in ms)
SOAPRESTART                   COMPLETE    12390
CREATEPOLICYSET               COMPLETE    1479
COPYMBEANS                    COMPLETE    3
OIMCONFIGXMLUPDATE            COMPLETE    3074
IMPORT_KEYSTORES              COMPLETE    1022
ENCRYPT_CONFIGURATION         COMPLETE    868
LOADXMLMETADATA               COMPLETE    1338
SEEDADAPTERS                  COMPLETE    46705
SEEDANDCONFIGURESCHEDULER     COMPLETE    17744
ENCRYPT_DB                    COMPLETE    7283
NOTIFICATIONTEMPLATE          COMPLETE    3237
UPDATEWEBLOGICADMIN           COMPLETE    0



Friday, 27 October 2017

java.io.IOException: Plugin not found for system component type 'OUD', plugin type 'PROCESS'

OUD Version: 12.2.1.3.0

Issue: Unable to start the OUD instance created through WebLogic scripting (WLST) with startComponent.cmd oud1


Sample WLST command for creating the OUD instance:

oud_createInstance(scriptName='oudsetup',instanceName='oud1',hostname='localhost',ldapPort=1389,rootUserDN='cn=oudadmin',rootUserPasswordFile='D:\password.txt',baseDN='dc=example,dc=com',sampleData=5,adminConnectorPort=1444)


Error: 

 <SEVERE> <oud_domain> <Error when initializing System Component OUD server 'oud1', ignore it now: java.io.IOException: Plugin not found for system component type 'OUD', plugin type 'PROCESS'>
java.io.IOException: Plugin not found for system component type 'OUD', plugin type 'PROCESS'
at weblogic.nodemanager.server.NMPluginManager.getProcessPluginProxy(NMPluginManager.java:126)
at weblogic.nodemanager.server.ServerManagerFactory.createServerManager(ServerManagerFactory.java:34)
at weblogic.nodemanager.server.DomainManager$ServerManagers.getOrCreate(DomainManager.java:525)
at weblogic.nodemanager.server.DomainManager.initialize(DomainManager.java:171)
at weblogic.nodemanager.server.DomainManager.<init>(DomainManager.java:69)
at weblogic.nodemanager.server.NMServer.initDomains(NMServer.java:384)
at weblogic.nodemanager.server.NMServer.start(NMServer.java:360)
at weblogic.nodemanager.server.NMServer.main(NMServer.java:591)
at weblogic.NodeManager.main(NodeManager.java:31)

Cause: When a per-host Node Manager is configured, the JAVA_OPTIONS must be copied from the Domain_Home/bin/startNodeManager.sh script into the Oracle_home/wlserver/server/bin/startNodeManager.sh script. Without these JAVA_OPTIONS, system components cannot work.

Solution: 

Follow the steps below to configure a per-host Node Manager:
https://docs.oracle.com/middleware/12211/wls/WLUPG/upgrade_dom.htm#WLUPG467

1. Create a directory named "NodeManager" in Oracle_Home/oracle_common/common/, as this directory does not exist by default.
2. Copy the nodemanager.domains and nodemanager.properties files from the DOMAIN_HOME/nodemanager directory to the NodeManager directory created in step 1.
3. Copy the Security folder from DOMAIN_HOME to the ORACLE_HOME/oracle_common/common/NodeManager directory.
4. Edit the nodemanager.properties file and change these parameters.
From:
DomainsFile=<PATH to Domain_Home>/nodemanager/nodemanager.domains
NodeManagerHome=<PATH to Domain_Home>/nodemanager
LogFile=<PATH to Domain_Home>/nodemanager/nodemanager.log
To:
DomainsFile=<PATH to ORACLE_HOME>/oracle_common/common/nodemanager/nodemanager.domains
NodeManagerHome=<PATH to ORACLE_HOME>/oracle_common/common/nodemanager
LogFile=<PATH to ORACLE_HOME>/oracle_common/common/nodemanager/nodemanager.log
5. Edit the nodemanager.domains file and add the following lines:
DomainsFile=<PATH to ORACLE_HOME>/oracle_common/common/nodemanager/nodemanager.domains
NodeManagerHome=<PATH to ORACLE_HOME>/oracle_common/common/nodemanager

6. In the same nodemanager.domains file, add the name and path of the domain that needs to be monitored:
base_domain=<PATH to DOMAIN_HOME>


7. Keep a backup of the startNodeManager.sh/cmd script.

8. Copy the first JAVA_OPTIONS and POST_CLASSPATH settings from the startNodeManager.sh/cmd script under DOMAIN_HOME/bin into the startNodeManager.sh/cmd script under ORACLE_HOME/wlserver/server/bin, before the WL_HOME parameter.

9. Copy the remaining JAVA_OPTIONS and PATH settings from the startNodeManager.sh/cmd script under DOMAIN_HOME/bin into the startNodeManager.sh/cmd script under ORACLE_HOME/wlserver/server/bin, after the WL_HOME parameter.

10. After the above changes, the first few lines of startNodeManager.sh/cmd under ORACLE_HOME/wlserver/server/bin look similar to this:

SETLOCAL

set JAVA_VM=
set MEM_ARGS=

FOR /f %%i in ('cd') do set MYPWD=%%i

SET SCRIPT_PATH=%~dp0
FOR %%i IN ("%SCRIPT_PATH%") DO SET SCRIPT_PATH=%%~fsi

@rem copied from domainhome\bin 

set JAVA_OPTIONS=%JAVA_OPTIONS% -Doracle.security.jps.config=D:\oracle\12c\Middleware\Oracle_Home\user_projects\domains\oud_domain\config\fmwconfig\jps-config-jse.xml -Dcommon.components.home=D:\oracle\12c\Middleware\Oracle_Home\oracle_common -Dopss.version=12.2.1.3
if NOT "%POST_CLASSPATH%"=="" (
set POST_CLASSPATH=D:\oracle\12c\Middleware\Oracle_Home\oracle_common\modules\oracle.jps\jps-manifest.jar;%POST_CLASSPATH%
) else (
set POST_CLASSPATH=D:\oracle\12c\Middleware\Oracle_Home\oracle_common\modules\oracle.jps\jps-manifest.jar
)

@rem copied data end here

set WL_HOME=D:\Oracle\12c\Middleware\Oracle_Home\wlserver
set _startnm_params=%*

@rem copied from domainhome\bin 
set DOMAIN_HOME=D:\oracle\12c\Middleware\Oracle_Home\user_projects\domains\oud_domain
for %%i in ("%DOMAIN_HOME%") do set DOMAIN_HOME=%%~fsi

set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.RootDirectory=%DOMAIN_HOME% 

set JAVA_OPTIONS=-Doud.product.home=D:\oracle\12c\Middleware\Oracle_Home\oud %JAVA_OPTIONS%
@rem copied data end here

11. Save the startNodeManager.sh/cmd file.

12. Start the per-host Node Manager from ORACLE_HOME/wlserver/server/bin.

13. Start the AdminServer using startWebLogic.sh/cmd.

14. Now start the Oracle OUD instance using startComponent.cmd oud1
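
To check steps 4, 8 and 9 after editing, the following added example (not part of the original post or of Oracle's scripts) rewrites the three path properties from step 4 and verifies that the edited start script carries the copied options on the correct side of the WL_HOME line. The function names and sample file contents are constructed for illustration; paths are written with forward slashes, which Java accepts on Windows, so no properties-file escaping is needed.

```python
import re

# Step 4: keys moved from DOMAIN_HOME/nodemanager to the per-host directory,
# mapped to the file name appended to that directory ("" = the directory itself).
RELOCATED = {
    "DomainsFile": "nodemanager.domains",
    "NodeManagerHome": "",
    "LogFile": "nodemanager.log",
}

# Steps 8 and 9: settings the page's edited script shows before/after WL_HOME.
BEFORE_WL_HOME = ["-Doracle.security.jps.config=", "-Dcommon.components.home=",
                  "-Dopss.version=", "jps-manifest.jar"]
AFTER_WL_HOME = ["-Dweblogic.RootDirectory=", "-Doud.product.home="]


def relocate_properties(text: str, oracle_home: str) -> str:
    """Rewrite the three path properties; leave every other line untouched."""
    base = oracle_home.replace("\\", "/").rstrip("/") + "/oracle_common/common/nodemanager"
    out = []
    for line in text.splitlines():
        key, sep, _ = line.partition("=")
        name = key.strip()
        if sep and name in RELOCATED:      # commented-out keys do not match
            leaf = RELOCATED[name]
            line = f"{name}={base}/{leaf}" if leaf else f"{name}={base}"
        out.append(line)
    return "\n".join(out) + "\n"


def check_start_script(script: str) -> list:
    """Return a list of problems; an empty list means steps 8 and 9 look applied."""
    lines = script.splitlines()
    wl = next((i for i, l in enumerate(lines)
               if re.match(r"\s*(?:set\s+)?WL_HOME=", l, re.I)), None)
    if wl is None:
        return ["WL_HOME assignment not found"]
    head, tail = "\n".join(lines[:wl]), "\n".join(lines[wl + 1:])
    problems = [f"missing before WL_HOME: {t}" for t in BEFORE_WL_HOME if t not in head]
    problems += [f"missing after WL_HOME: {t}" for t in AFTER_WL_HOME if t not in tail]
    return problems


# Constructed sample inputs (domain path under D:/domains is illustrative).
SAMPLE_PROPS = """\
ListenPort=5556
DomainsFile=D:/domains/oud_domain/nodemanager/nodemanager.domains
NodeManagerHome=D:/domains/oud_domain/nodemanager
LogFile=D:/domains/oud_domain/nodemanager/nodemanager.log
"""

SAMPLE_SCRIPT = r"""
set JAVA_OPTIONS=%JAVA_OPTIONS% -Doracle.security.jps.config=D:\oracle\12c\Middleware\Oracle_Home\user_projects\domains\oud_domain\config\fmwconfig\jps-config-jse.xml -Dcommon.components.home=D:\oracle\12c\Middleware\Oracle_Home\oracle_common -Dopss.version=12.2.1.3
set POST_CLASSPATH=D:\oracle\12c\Middleware\Oracle_Home\oracle_common\modules\oracle.jps\jps-manifest.jar
set WL_HOME=D:\Oracle\12c\Middleware\Oracle_Home\wlserver
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.RootDirectory=%DOMAIN_HOME%
set JAVA_OPTIONS=-Doud.product.home=D:\oracle\12c\Middleware\Oracle_Home\oud %JAVA_OPTIONS%
"""

if __name__ == "__main__":
    print(relocate_properties(SAMPLE_PROPS, r"D:\oracle\12c\Middleware\Oracle_Home"))
    print(check_start_script(SAMPLE_SCRIPT) or "start script OK")
```
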


Wednesday, 30 December 2015

JBO-25058: Definition MyUDF__c of type Attribute is not found in UserVO

Sign-out after adding/updating UDF

You must sign out from Identity Self-Service or Identity System Administration after adding a new UDF or updating an existing one. This avoids a known caching issue in the ADF layer in which an older version of the VO is cached and new changes are not picked up.

If you forget to sign out and go directly to the page where the VO is used, you will see an error similar to JBO-25058: Definition MyUDF__c of type Attribute is not found in UserVO, or you will not be able to select the UDF in the WebCenter Composer catalog while adding the UDF to the page.

Workaround:

1. Login to Enterprise Manager
2. In Application Deployments select oracle.iam.console.identity.self-service.ear link
3. In the top left of the UI choose Application Deployment | MDS Configuration (from the drop-down)
4. At the bottom of the screen choose “Runtime MBean Browser” (under the Advanced Configuration section)
5. The right side of the screen should refresh; then click the “Operations” tab.
6. Scroll down and identify the MBean operation “listMetadataLabels” (choose the one that takes no parameters / the first one).
7. Click the Invoke Button
8. Find the sandbox that b0rked things up and copy its Creation label (the line of text) to your clipboard. For example, the value you copy might look something like Creation_IdM_test_09:25:00
9. Now go back to Operations by clicking Return.
10. Find the MBean operation “promoteMetadataLabel” (the first one in the list with 1 parameter)
11. Paste the Creation sandbox text into the Label field and click the Invoke button
12. Restart OIM.

DBATGenerator.cmd throws "groovy.lang.GroovyRuntimeException: Could not find matching constructor for: org.identityconnectors.common.security.GuardedString(java.lang.String)"

Issue: 
INFO DBATGenerator: Configure the connector
Exception in thread "main" groovy.lang.GroovyRuntimeException: Could not find matching constructor for: org.identityconnectors.common.security.GuardedString(java.lang.String)
        at groovy.lang.MetaClassImpl.invokeConstructor(MetaClassImpl.java:1472)
        at groovy.lang.MetaClassImpl.invokeConstructor(MetaClassImpl.java:1388)
        at org.codehaus.groovy.runtime.callsite.MetaClassConstructorSite.callConstructor(MetaClassConstructorSite.java:46)
        at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallConstructor(CallSiteArray.java:52)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:192)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:200)
        at org.identityconnectors.databasetable.generator.DBATGenerator.setProperty(DBATGenerator.groovy:347)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:86)
        at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:234)
        at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:361)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:880)
        at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.callCurrent(PogoMetaClassSite.java:66)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:155)
        at org.identityconnectors.databasetable.generator.DBATGenerator$_configure_closure1.doCall(DBATGenerator.groovy:145)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:86)
        at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:234)
        at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:272)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:880)
        at groovy.lang.Closure.call(Closure.java:279)
        at groovy.lang.Closure.call(Closure.java:292)
        at org.codehaus.groovy.runtime.DefaultGroovyMethods.each(DefaultGroovyMethods.java:1166)
        at org.codehaus.groovy.runtime.DefaultGroovyMethods.each(DefaultGroovyMethods.java:1142)
        at org.codehaus.groovy.runtime.dgm$99.invoke(Unknown Source)
        at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoMetaMethodSiteNoUnwrapNoCoerce.invoke(PojoMetaMethodSite.java:270)
        at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:52)
        at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:40)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
        at org.identityconnectors.databasetable.generator.DBATGenerator.configure(DBATGenerator.groovy:141)
        at org.identityconnectors.databasetable.generator.DBATGenerator$configure.call(Unknown Source)
        at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:40)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
        at org.identityconnectors.databasetable.generator.DBATGenerator.main(DBATGenerator.groovy:60)

Cause: 
In the DBATConfiguration.groovy file, the password field is not commented out.

      'password' : 'ABCD1234',// never provide passwords to generator

Solution:

Comment out the password entry and try generating the connector package again. You should be prompted to enter the password for the database user account.
 
// 'password' : 'ABCD1234', never provide passwords to generator

Tuesday, 3 March 2015

Unable to open OIM Deployment Manager in Java 7 and Java 8

Issue:

Pop-up Error "Your security settings have blocked an application from running due to missing a "Permissions" manifest attribute in the main jar"

Cause:

Note: This attribute check was added to the Java 7 branch starting with 1.7.0_45 and to the Java 8 branch starting with 1.8.0_20. It prevents an attacker from exploiting a user by re-deploying an application that is signed with the original certificate and running the application at a different privilege level. Details about this check are in the following Java documentation: https://www.java.com/en/download/help/java_blocked.xml

Solution:


Detailed steps to add the Web Access URL to the exception list:
 1. Browse to the $JRE_Home\bin directory (example: C:\Program Files (x86)\Java\jre1.xxxxx\bin)
 2. Double-click javacpl.exe to open the Java Control Panel
 3. Select the security tab within the Java Control Panel
 4. Select the 'Edit Site List' button
 5. Select Add to add the Web Access URL
 6. In the new field added, enter the Web Access URL in the following format: 
      - If using HTTP protocol: http://server:port/xlWebApp/ 
      - If using HTTPS protocol: https://server:port/xlWebApp/
      - Note: You *must* include the trailing "/" at the end of the "xlWebApp" context
 7. Select OK to close the exception list
 8. Select OK to close the Java Control Panel
 9. Reload the browser for changes to take effect
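
To confirm that a given client JAR is the one triggering the check described under Cause, read the Permissions attribute from the main section of its manifest. This is an added example, not code from the original post or from Oracle; the function names are hypothetical and the sample JARs are built in memory with constructed contents.

```python
import io
import sys
import zipfile

# Values the Java documentation defines for the Permissions attribute.
VALID_PERMISSIONS = {"sandbox", "all-permissions"}


def main_attributes(manifest: bytes) -> dict:
    """Parse the main section of a JAR manifest, joining continuation lines.

    Manifest lines are wrapped at 72 bytes; a wrapped value continues on the
    next line, which starts with a single space.
    """
    attrs, last = {}, None
    for raw in manifest.decode("utf-8").splitlines():
        if raw == "":                      # blank line ends the main section
            break
        if raw.startswith(" ") and last:   # continuation of the previous value
            attrs[last] += raw[1:]
            continue
        name, sep, value = raw.partition(": ")
        if sep:
            last = name.lower()            # attribute names are case-insensitive
            attrs[last] = value
    return attrs


def permissions_status(jar_bytes: bytes) -> str:
    """Return 'ok:<value>', 'missing', 'invalid:<value>' or 'no-manifest'."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        try:
            manifest = jar.read("META-INF/MANIFEST.MF")
        except KeyError:
            return "no-manifest"
    value = main_attributes(manifest).get("permissions")
    if value is None:
        return "missing"                   # the case behind the pop-up error
    value = value.strip()
    return f"ok:{value}" if value in VALID_PERMISSIONS else f"invalid:{value}"


def make_jar(manifest: str) -> bytes:
    """Constructed sample: an in-memory JAR holding only the given manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest.replace("\n", "\r\n"))
    return buf.getvalue()


# Constructed manifests: one without the attribute, one with it (and a
# wrapped Application-Name line to exercise the continuation handling).
WITHOUT_ATTR = "Manifest-Version: 1.0\nMain-Class: sample.Main\n\n"
WITH_ATTR = ("Manifest-Version: 1.0\n"
             "Application-Name: Constructed Sample Appl\n"
             " ication\n"
             "Permissions: all-permissions\n\n")

if __name__ == "__main__":
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            print(permissions_status(fh.read()))
    else:
        print(permissions_status(make_jar(WITHOUT_ATTR)))
        print(permissions_status(make_jar(WITH_ATTR)))
```
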





Wednesday, 24 December 2014

Access Manager Error: Unexpected Error occurred while processing credentials . Please retry your action again!

[Enterprise Manager Log]

Unable to connect to the User Store. User Store Centralized Ldap Store with initParams {GROUP_SEARCH_BASE=cn=groups,cn=acme,dc=com, GroupCacheEnabled=true, USER_SCHEMA=none, NATIVE=false, USER_SEARCH_BASE=cn=Users, dc=acme,dc=com, ENABLE_PASSWORD_POLICY=true, MAX_CONNECTIONS=50, GroupCacheTTL=0, SECURITY_PRINCIPAL=cn=oamLDAP,cn=systemids,dc=acme,dc=com, Description=Centralized store , ConnectionRetryCount=3, USER_NAME_ATTRIBUTE=uid, IsSystem=false, IsPrimary=false, ConnectionWaitTimeout=120, Name=Centralized Ldap Store, SearchTimeLimit=0, MIN_CONNECTIONS=10, USER_PASSWORD_ATTRIBUTE=userPassword, LDAP_PROVIDER=OID, GROUP_NAME_ATTR=, LDAP_URL=ldap://<host>:3060, ReferralPolicy=follow, GroupCacheSize=10000, UserIdentityProviderType=OracleUserRoleAPI} could not be initialized due to oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException.

[oam_server1-diagnostic.log]

oracle.security.am.engine.authn.api.exception.AuthenticationException
at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.checkAndThrowAuthenticationException(AuthenticationModuleExecutor.java:369)
at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.execute(AuthenticationModuleExecutor.java:291)
at oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor.execute(AuthenticationSchemeExecutor.java:102)
at oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl.validateUser(AuthenticationEngineControllerImpl.java:267)
at oracle.security.am.engines.enginecontroller.AuthnEngineController.authenticateUser(AuthnEngineController.java:843)
at oracle.security.am.engines.enginecontroller.AuthnEngineController.processEvent(AuthnEngineController.java:317)
at oracle.security.am.controller.MasterController.processEvent(MasterController.java:596)
at oracle.security.am.controller.MasterController.processRequest(MasterController.java:788)
at oracle.security.am.controller.MasterController.process(MasterController.java:708)
at oracle.security.am.pbl.PBLFlowManager.delegateToMasterController(PBLFlowManager.java:209)
at oracle.security.am.pbl.PBLFlowManager.handleBaseEvent(PBLFlowManager.java:147)
at oracle.security.am.pbl.PBLFlowManager.processRequest(PBLFlowManager.java:107)
at oracle.security.am.pbl.transport.http.AMServlet.handleRequest(AMServlet.java:198)
at oracle.security.am.pbl.transport.http.AMServlet.doPost(AMServlet.java:157)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.wls.filter.SSOSessionSynchronizationFilter.doFilter(SSOSessionSynchronizationFilter.java:292)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20007: Unable to connect to the User Store.

Cause:
 The User Identity Store name contains a space

Solution:
 Create a new User Identity Store whose name contains no spaces

Metalink Reference: OAM: 11.1.2.2 Space in DataStore name results in : "IdentityProviderException: OAMSSA-20007: Unable to connect to the User Store" (Doc ID 1645954.1)
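
The store name is visible in the initParams block of the Enterprise Manager message, so the condition can be checked from the log alone. The following parser is an added example, not part of the original post or of Oracle's tooling: it extracts the key=value pairs (DN values contain commas, so a plain split on "," is not enough) and reports a store name that contains whitespace. The sample message is a shortened, constructed copy of the one above.

```python
import re

# Constructed, shortened copy of the "Unable to connect to the User Store"
# message on this page (same key=value layout, fewer keys).
SAMPLE_LOG = (
    "Unable to connect to the User Store. User Store Centralized Ldap Store "
    "with initParams {GROUP_SEARCH_BASE=cn=groups,cn=acme,dc=com, "
    "USER_SEARCH_BASE=cn=Users, dc=acme,dc=com, MAX_CONNECTIONS=50, "
    "Description=Centralized store , Name=Centralized Ldap Store, "
    "GROUP_NAME_ATTR=, LDAP_URL=ldap://<host>:3060, ReferralPolicy=follow} "
    "could not be initialized."
)

# Assumption (heuristic): a new key follows ", " and starts with an
# upper-case letter. DN parts such as ", dc=acme" start lower-case and
# therefore stay inside the value they belong to.
KEY_BOUNDARY = re.compile(r", (?=[A-Z][A-Za-z_]*=)")


def parse_init_params(message):
    """Extract the {key=value, ...} block of an OAM user-store message."""
    match = re.search(r"initParams \{(.*?)\}", message, re.DOTALL)
    if not match:
        raise ValueError("no initParams block found")
    params = {}
    for pair in KEY_BOUNDARY.split(match.group(1)):
        key, _, value = pair.partition("=")
        params[key.strip()] = value.strip()
    return params


def store_name_problem(params):
    """Return a finding if the store name contains whitespace, else None."""
    name = params.get("Name", "")
    if re.search(r"\s", name):
        return f"User Identity Store name {name!r} contains whitespace"
    return None


if __name__ == "__main__":
    print(store_name_problem(parse_init_params(SAMPLE_LOG)))
```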



Access Manager Error: MBean operation access denied. MBean: com.oracle.igf:type=Xml,name=IDSConfig Operation: listAllIdentityDirectoryService() Detail: Access denied.

Problem: Error while accessing Access Manager -> User Identity Store:

Messages for this page are listed below.
Error
MBean operation access denied. MBean: com.oracle.igf:type=Xml,name=IDSConfig Operation: listAllIdentityDirectoryService() Detail: Access denied. Required roles: Admin, Operator, Monitor, executing subject: principals=[oamadmin, OAMAdmins, OAMAdministrators, wlsadmingroup, OAMSystemAdminGroup]
Error
javax.management.RuntimeMBeanException: java.lang.SecurityException: MBean attribute access denied. MBean: com.oracle:name=ESSOIDSRepository,context=ids,type=OVD.AdaptersConfig,OVD=AdaptersConfig Getter for attribute Id Detail: Access denied. Required roles: Admin, Operator, Monitor, executing subject: principals=[oamadmin, OAMAdmins, OAMAdministrators, wlsadmingroup, OAMSystemAdminGroup]

Environment: OAM and OIM integrated and OID as repository

Cause: 

  1. Administrators, Operator and Monitor groups are missing in OID
  2. OAM Admin User is not a member of the Administrators, Operator and Monitor groups in OID

Solution:

Create the Administrators, Operator and Monitor groups in OID and make the OAM Admin User a member of these groups.