Oracle Enterprise Manager 11g reports security error when starting a managed server

After testing the new Oracle WLS 10.3.3 for a while, I found out that starting a managed server in the Oracle Enterprise Manager 11g failed with

[Security:090504]Certificate chain received from localhost – 127.0.0.1 failed hostname verification check. Certificate contained rn360-a1-20 but check expected localhost

Interestingly I don’t get this error when taking a managed server down using EM11g.

Searching the web I found this solution:

This Document shows one solution is to set a JAVA_OPTION in your startWebLogic.sh file:
-Dweblogic.security.SSL.ignoreHostnameVerification=true

After a restart of the server all errors are gone.

Still, I like to know why it worked before the upgrade.¬† I keep digging …

ed before the upgrade.¬† I keep digging …

05-09-2010 Follow up:

It turned out that the new WLS not only reports security errors but looses the connection to the managed servers if you change stuff like jdbc connections declared in the domain.

In the first part of this post I tried to turn off the host name verification, but got it only half. To turn the verification off one need to set two different switches in different places:

Node Manager: -Dweblogic.nodemanager.sslHostNameVerificationEnabled=false
(In Nodemanager JAVA_OPTIONS)

Admin Server: -Dweblogic.security.SSL.ignoreHostnameVerification=true
(In Server’s JAVA_OPTIONS)

FATAL ERROR when upgrading to WLS 10.3.3

In one of my last posts (https://tompeez.wordpress.com/2010/05/01/upgrade-an-existing-wls-10-3-2-to-wls-10-3-3/) I talked about the process of upgrading an existing WLS 10.3.x server to version 10.3.3.
One minor bug or glitch came up when I tried the procedure on one of the customers WLS servers.
Right befor the upgrade process starts we got a ‘FATAL ERROR’ from the installer. No log where written, nothing unusual I could think of.
After trying it out a couple of times, the last try I used JRockit instead of the configured Sun JDK and bingo I got an error message too. The big difference this time it told me that the free space on one of the partitions was too small.
Removing some old stuff from the partition solved the problem.

Upgrade an existing WLS 10.3.2 to WLS 10.3.3

Since JDev 11.1.1.3.0 is out we have to think about where to deploy the apps to which are developed with the new version. Bad new is, that you can’t use existing WLS 10.3.2 and just delpoy application compiled or developed with the new JDev 11.1.1.3.0 version. Good news is, that you don’t have to setup a whole new WLS 10.3.3, at least if you have a valid support contract.

Log in to MOS and download the upgrade installer for WLS 10.3.3 (from the patch and update section) and the ‘Oracle Application Development Runtime 11g Patch Set 2’ (from E-Delivery)

In this short post I’ll just describe the ease routine of updating an existing WLS 10.3.2 :

  1. remove all your applications running on WLS 10.3.2 (first stop them, then delete them)
  2. stop WLS 10.3.2
  3. make a backup of all the files in WLS you have changed. The upgrade process does this for only a barely minimum of files.
  4. run the upgrade installer for WLS 10.3.3: this is just pointing to the existing ‘Middleware’ folder (the folder you installed the WLS 10.3.2 to) and let the installer do the rest of the work
  5. run the ADF runtime installer patch to 11.1.1.3.0: this is patch installer, so you need to have ADF 11.1.1.2.0 installed, otherwise you’ll get an error. The only thing to do is to point to an existing domain in the now upgraded WLS.
  6. start WLS now 10.3.3
  7. deploy your apps (compiled with JDev 11.1.1.3.0) again

That all you need to do. For more complex scenarios like clusters  and/or WLS installation which have been adopted to special needs you my have to do some more work. This is all well documented in the README.TXT file you get together with the upgrade installer.