OAM 11g integration with Kerberos on cluster with load-balanced virtualhost

Similar Messages

• CF8/JRun4 Cluster for Load Balancing

  Does anyone have an example of how to set up a CF8/JRun4
  cluster for load balancing?
  I have three servers:
  x004 - Linux - Apache2 (10.0.0.54,10.1.0.54)
  x020 - Linux - JRun4/CF8 (10.0.0.70,10.1.0.70)
  x021 - Linux - JRun4/CF8 (10.0.0.71,10.1.0.71)
  Every server in our network has two network cards. One
  network card is attached to 10.0.x.x which has a gateway to the
  internet and runs at 100Mbps and is firewalled, and the other is
  attached to 10.1.x.x which runs at 1Gbps and is internal with no
  gateway. I'm trying to set it up so web traffic arrives on
  10.0.0.54 into Apache and mod_jrun20 bootstraps a cluster named
  STST using 10.1.0.54 which consists of STST_x020 coldfusion server
  running on x020 and STST_x021 running on x021. I want the
  communications between JRun4 on x020 and x021 to occur on the
  10.1.x.x network and eventhough JRun and ColdFusion will only use
  the 10.1.x.x network I still need the 10.0.x.x network card
  attached for other purposes which require a gateway. I have
  installed JRun4/CF8 about 10 times already and it seems I have no
  control over what network JRun4 clusters on... sometimes it will
  communicate on one, sometimes the other and without being able to
  set which network is being used there always seems to be "network
  error" on at least one of the two CF8 servers. I was able to get
  everything working fine by disabling the network cards on the
  10.0.x.x network and re-installing everything... but as soon as I
  added the network cards back the whole thing was broken again.
  How is this supposed to work? Most of the examples are either
  no clustering or clustering on the same machine with Apache running
  on the same box... I don't see any clustering across machines
  examples.
  How do I install a connector on a web server which doesn't
  have JRun on it and get wsconfig to connect to a multi-machine
  cluster when wsconfig only accepts a single IP address as a host
  and the cluster is not listed?
  How do I get JRun to bind to a specific network card?
  Does this work if I choose a J2EE server other than JRun?
  Any help anyone can provide is greatly appreciated. I'm
  getting close to giving up which means staying on the non-clustered
  environment and figuring out how we can deal with scalability by
  switching to something else.

  The article at
  http://www.adobe.com/go/1e8e9170
  is specific to configuring two or more cluster nodes that reside on
  separate networks, e.g. 10.0.1.0/24 and 10.0.2.0/24. (The article
  doesn't state it, but you can only use unicast peers if your
  cluster nodes host a single instance of JRun or multiple instances
  of JRun in the same cluster domain. When performing unicast
  discovery, JRun looks for all Jini groups and not just the cluster
  group.)
  Anyhow, that's not your problem. The simplest solution is you
  haven't enabled the jrun.servlet.jrpp.JRunProxyService service. I'm
  most familiar with the Windows version of JRun, but I'm assuming
  the directory structure is similar across platforms. In
  <jrun_root>/servers/<name>/SERVER-INF/jrun.xml, set the
  deactivated attribute of the jrun.servlet.jrpp.JRunProxyService
  service to false and restart JRun. You should now see JRun
  listening on the appropriate port. (The default for the first
  manually created instance is 51000.) You can limit the proxy
  service to a single interface using the interface attribute.
  If you have enabled the proxy service, verify your security
  settings in <jrun_root>/lib/security.properties. It's usually
  best to limit access to specific hosts. Comment out the
  jrun.subnet.restriction parameter and set the jrun.trusted.hosts to
  the IP address of your web server, e.g. 10.1.0.54.
  Forcing all JRun processes/services to listen on a single
  interface isn't difficult, but it does require modifying quite a
  few configuration files by hand. If you need assistance with that,
  I can elaborate.
  Configuring the JRun module under Apache is pretty
  straightforward. If you're not using virtual hosts, it's very
  simple. If you are using virtual hosts, it's still simple, but your
  JRun configuration can be virtual host-specific.
  On your Apache server, you'll want to create a directory
  structure for the JRun module. I'll assume
  /opt/jrun/lib/wsconfig/1, but you can use anything you want. Once
  the directory structure is created, extract the appropriate JRun
  module from wsconfig.jar to the new directory. You're most likely
  interested in the Apache 2.0 module,
  wsconfig.jar/connectors/apache/intel-linux/prebuilt/mod_jrun20.so.
  Let's assume you've extracted the module to
  /opt/jrun/lib/wsconfig/1/mod_jrun20.so. Your Apache service account
  should have read, write, and execute permissions on the
  /opt/jrun/lib/wsconfig/1 directory.
  The JRun module configuration is normally appended to your
  current httpd.conf file by wsconfig. Here's a sample configuration:
  LoadModule jrun_module
  "/opt/jrun/lib/wsconfig/1/mod_jrun20.so"
  <IfModule mod_jrun20.c>
  JRunConfig Verbose false
  JRunConfig Apialloc false
  JRunConfig Ssl false
  JRunConfig Ignoresuffixmap false
  JRunConfig Serverstore
  "/opt/jrun/lib/wsconfig/1/jrunserver.store"
  JRunConfig Bootstrap 10.1.0.70:51000
  #JRunConfig Errorurl <optionally redirect to this URL on
  errors>
  #JRunConfig ProxyRetryInterval 600
  #JRunConfig ConnectTimeout 30
  #JRunConfig RecvTimeout 30
  #JRunConfig SendTimeout 30
  AddHandler jrun-handler .jsp .jws .cfm .cfml .cfc .cfr
  .cfswf
  </IfModule>
  You may also want to update your DirectoryIndex directive
  with an appropriate index page, e.g. index.cfm.
  After the first request to a page handled by the JRun module
  is received, the module will query the boostrap server,
  10.1.0.70:51000, for a list of cluster peers. If you've configured
  your cluster correctly, a line similar to following will be written
  to /opt/jrun/lib/wsconfig/1/jrunserver.store:
  proxyservers=10.1.0.70:51000;10.1.0.71:51000
  You can create/edit this file manually as well.
  Unfortunately, the bootstrap option only accepts one server. If
  your bootstrap server is down, the JRun module will use the values
  in jrunserver.store directly, if the file exists.
  Here's a complete list of JRun module options:
  metrics *
  debugger *
  ssl *
  verbose
  traceflags
  serverstore
  bootstrap
  errorurl
  apialloc
  ignoresuffixmap
  proxyretryinterval
  connecttimeout
  recvtimeout
  sendtimeout
  sslcalist
  Options flagged with an asterisk can only be configured at
  the Apache server level. All other options can be configured at the
  server level and/or the virtual host level. The usage of these
  options is in the JRun documentation, and the JRun module source
  code is included in wsconfig.jar. Keep in mind that versions of the
  JRun module shipped prior to ColdFusion 8 were coded to assign the
  connecttimeout and sendtimeout options to the socket connection
  timeout. Whichever option appeared last in your configuration ended
  up as the final value. This has been fixed in ColdFusion 8 and
  presumably the next release of the JRun updater.
  I think that's a good start. If you need more information or
  can't find what you need in the JRun or ColdFusion documentation,
  let me know.
  If you're looking for resiliency, I highly recommend
  expanding your configuration to include a second web server and a
  hardware load-balancer (preferably one that supports redudancy via
  multiple paths and devices, e.g. devices from Cisco, F5, or Foundry
  Networks). Often, however, running Apache on the ColdFusion
  server(s) provides adequate performance, and round-robin DNS
  records coupled with the ability to update DNS quickly in the event
  of a failure may be all you need for load-balancing and
  failover.

• How to setup Adobe Media Server Professional x 2 run as cluster for load balance?

  How to setup Adobe Media Server Professional x 2 run as cluster for load balance?

  Hi,
  Welcome to adobe forums,
  Please refer to these help files in order to setup AMS as a cluster : https://helpx.adobe.com/adobe-media-server/config-admin/load-balancing.html
                                                                                                              https://helpx.adobe.com/adobe-media-server/tech-overview/scaling-server.html
  Let me know if you need any help.
  Regards,
  Puspendra

• Having issue with start weblogic cluster with tangosol cluster

  Hi,
  Oracle Coherence Version 3.3.1/389p1
  Grid Edition: Development mode
  We are using Weblogic 8.1.5 with Tangosol 3.3.1 on Linux servers.
  And we added the initializing logic in the servlet's init() method to get all NamedCaches and put into the ServletContext.
  When we start weblogic cluster, the first weblogic member will startup successfully with following messages :
  <Nov 7, 2007 10:12:30 AM EST> <Info> <HTTP> <BEA-101047> <[2007-11-07 10ServletContext(id=259640596,name=clusterqa,context-path=)] initObjects: init>:12:31.565 Oracle Coherence 3.3.1/389p1 <Info> (thread=Main Thread, member=n/a): Loaded operational configuration from resource "zip:/home/server/clusterqa/wls81/DOCVIEW/docqa1/.wlnotdelete/extract/docqa1_DOC_clusterqa/jarfiles/WEB-INF/lib/coherence.jar!/tangosol-coherence.xml"
  2007-11-07 10:12:31.598 Oracle Coherence 3.3.1/389p1 <Info> (thread=Main Thread, member=n/a): Loaded operational overrides from file "/home/www/WEB-INF/lib/tangosol-coherence-override.xml"
  Oracle Coherence Version 3.3.1/389p1
  Grid Edition: Development mode
  Copyright (c) 2000-2007 Oracle. All rights reserved.
  2007-11-07 10:12:31.938 Oracle Coherence GE 3.3.1/389p1 <Info> (thread=Main Thread, member=n/a): Loaded cache configuration from file "/home/www/WEB-INF/lib/pub-search-cache-config.xml"
  2007-11-07 10:12:31.983 Oracle Coherence GE 3.3.1/389p1 <Info> (thread=Main Thread, member=n/a): sun.misc.AtomicLong is not supported on this JVM; using a synchronized counter. Though safe to ignore, you may upgrade to BEA's 1.5 JVM to fix this issue.
  2007-11-07 10:12:33.267 Oracle Coherence GE 3.3.1/389p1 <Warning> (thread=Main Thread, member=n/a): UnicastUdpSocket failed to set receive buffer size to 1428 packets (2096304 bytes); actual size is 89 packets (131071 bytes). Consult your OS documentation regarding increasing the maximum socket buffer size. Proceeding with the actual value may cause sub-optimal performance.
  2007-11-07 10:12:34.118 Oracle Coherence GE 3.3.1/389p1 <D5> (thread=Cluster, member=n/a): Service Cluster joined the cluster with senior service member n/a
  2007-11-07 10:12:37.508 Oracle Coherence GE 3.3.1/389p1 <Info> (thread=Cluster, member=n/a): Created a new cluster with Member(Id=1, Timestamp=2007-11-07 10:12:33.323, Address=10.5.176.86:8088, MachineId=48982, Edition=Grid Edition, Mode=Development, CpuCount=4, SocketCount=2) UID=0x0A05B056000001161AAB782BBF561F98
  2007-11-07 10:12:37.736 Oracle Coherence GE 3.3.1/389p1 <D5> (thread=Invocation:Management, member=1): Service Management joined the cluster with senior service member 1
  2007-11-07 10:12:38.168 Oracle Coherence GE 3.3.1/389p1 <D5> (thread=DistributedCache, member=1): Service DistributedCache joined the cluster with senior service member 1
  <Nov 7, 2007 10:12:38 AM EST> <Info> <HTTP> <BEA-101047> <[ServletContext(id=259640596,name=clusterqa,context-path=)] xslProcessor: init>
  But trying to start the second weblogic member server, the startup process is stucked after tangosol cache initialization and the second weblogic member server never up running. Please see following messages :
  <Nov 7, 2007 9:49:38 AM EST> <Info> <HTTP> <BEA-101047> <[ServletContext(id=153019550,name=clusterqa,context-path=)] initDSNames: init>
  <Nov 7, 2007 9:49:42 AM EST> <Info> <HTTP> <BEA-101047> <[ServletContext(id=153019550,name=clusterqa,context-path=)] initObjects: init>
  2007-11-07 09:49:43.156 Oracle Coherence 3.3.1/389p1 <Info> (thread=Main Thread, member=n/a): Loaded operational configuration from resource "zip:/home/server/clusterqa/wls81/DOCVIEW/docqa2/.wlnotdelete/extract/docqa2_DOC_clusterqa/jarfiles/WEB-INF/lib/coherence.jar!/tangosol-coherence.xml"
  2007-11-07 09:49:43.188 Oracle Coherence 3.3.1/389p1 <Info> (thread=Main Thread, member=n/a): Loaded operational overrides from file "/home/www/WEB-INF/lib/tangosol-coherence-override.xml"
  Oracle Coherence Version 3.3.1/389p1
  Grid Edition: Development mode
  Copyright (c) 2000-2007 Oracle. All rights reserved.
  2007-11-07 09:49:43.528 Oracle Coherence GE 3.3.1/389p1 <Info> (thread=Main Thread, member=n/a): Loaded cache configuration from file "/home/www/WEB-INF/lib/pub-search-cache-config.xml"
  2007-11-07 09:49:43.571 Oracle Coherence GE 3.3.1/389p1 <Info> (thread=Main Thread, member=n/a): sun.misc.AtomicLong is not supported on this JVM; using a synchronized counter. Though safe to ignore, you may upgrade to BEA's 1.5 JVM to fix this issue.
  2007-11-07 09:49:44.829 Oracle Coherence GE 3.3.1/389p1 <Warning> (thread=Main Thread, member=n/a): UnicastUdpSocket failed to set receive buffer size to 1428 packets (2096304 bytes); actual size is 89 packets (131071 bytes). Consult your OS documentation regarding increasing the maximum socket buffer size. Proceeding with the actual value may cause sub-optimal performance.
  2007-11-07 09:49:45.419 Oracle Coherence GE 3.3.1/389p1 <D5> (thread=Cluster, member=n/a): Service Cluster joined the cluster with senior service member n/a
  2007-11-07 09:49:45.555 Oracle Coherence GE 3.3.1/389p1 <Info> (thread=Cluster, member=n/a): Failed to satisfy the variance: allowed=16, actual=47
  2007-11-07 09:49:45.555 Oracle Coherence GE 3.3.1/389p1 <Info> (thread=Cluster, member=n/a): Increasing allowable variance to 19
  2007-11-07 09:49:46.040 Oracle Coherence GE 3.3.1/389p1 <Info> (thread=Cluster, member=n/a): This Member(Id=2, Timestamp=2007-11-07 09:49:45.69, Address=10.5.176.85:8088, MachineId=48981, Edition=Grid Edition, Mode=Development, CpuCount=4, SocketCount=2) joined cluster with senior Member(Id=1, Timestamp=2007-11-07 09:45:10.205, Address=10.5.176.86:8088, MachineId=48982, Edition=Grid Edition, Mode=Development, CpuCount=4, SocketCount=2)
  Could you please explain why it happens, and what should I do to resolve this issues ?
  Many Thanks,
  Bing

  Hi, Gene
  Thank you for the response. I will send you our full log files and thread dumps.
  I just want to give you more details about our cases :
  1. This only happened without starting cache servers (com.tangosol.net.DefaultCacheServer).
  2. And our application which are running on weblogic cluster will just call "CacheFactory.getCache("XXX")", and running as the Tangosol DataClient.
  3. All weblogic member servers will be up running successfully if our cache servers are up running.
  Also I tried to test another case :
  Suppose all weblogic instances and cache server instances are up running. Now I trying to restart (kill weblogic instance process and restart) one of the weblogic member, It will up running successfully only if add some sleep times after killing weblogic processes and restarting it. Looks like tangosol cluster need certain time to aware the member has left cluster, then the restart process will be successful.
  Questions :
  1. Should we start our weblogic cluster only after cache server cluster is up running ?
  2. How do we decide how many time we should wait before start new process to join the cache cluster ?
  Could you please help to explain this one for me and let us if there anyway we can do to avoid the problem.
  Many Thanks !!!
  Bing

• Cisco 2811 Router with 3 ADSL card and load balancing

  Dear All,
  I have few queries:
  1. Does Cisco 2811 Router support 3 ADSL card?
  2. We are the ISP. I want to do load balancing with 3 dsl
  line on Cisco 2811 Router.
  Please send me the linke for this configuration.
  Thanks/Regards
  Atul

  hi
  In 2811 you have 4 HWIC and 1 NME you can install 1-port ADSL WAN Interface Cardon the HWIC slots.
  Also just enable 3 default (equal cost) routes towards the interfaces which will take care of the load balancing.
  if you need more info and inputs do post out with ur requirements along with network topology in place at present..
  regds

• OCS 10g Cluster Installation  - Load Balancing

  Hi all,
  Anybody have sucessfully install and configure OCS 10g Cluster ?, with load balancing ?
  I'm trying to install OCS 10g cluster with a two node server setup, and using Oracle web Cache as the load balancer, but not sucessfull. Any hints ?
  Regards
  Lanang

  Just found out that Oracle Web Cache support HTTP and HTTPS only, no LDAP traffic yet. That why the cluster node installation failed. Trying using iptables NAT for the LDAP traffic, and the HTTP will use web cache.
  Regards
  Din

• OBPM Enterprise Deployment on WLS - No Cluster, But Load Balanced

  All,
  Does anyone know of any gotchas when deploying BPM to WLS on 2 separate nodes, sharing the same directory, but not clustered. The system is load balanced based on F5. Basically we are talking a hot server/cold server deployment.
  When we deploy projects, they default to the hot server even if the cold server is specified for deployment.
  Anyone done this before?
  TIA,
  IGS

  Hi,
  Sorry, but I could not understand completely your architecture.
  Are you talking about the Workspace (not clustered but load balanced). That's supported.
  Or, are you trying to load balance the engine? (a single engine with 2 or more nodes)
  If so.... I wouldn't recommend that you to do that.
  Let me explain you why.
  The engine uses the queue to balance the work among the different nodes. (that's why you have to configure a Distributed Queue and disable the server affinity in the connection factory).
  Even more, the engine has some internal mechanism of synchronization among nodes so as to avoid some inter-node locking. If your engine nodes are not in a cluster, that mechanism will be disabled and the overall engine performance will be significantly degraded.
  I'm not sure if I have answered your question. If not, please add more details of your configuration.
  Hope this helps,
  Ariel

• Question about Cluster/DSync/Load Balance

  According to the admin doc of iplanet, primary server is
  the "manager" for data sync, is there any impact on
  load balance when the iAS run as primary or backup?
  will the primary kxs get the request first and do dispatching?
  Thanks.
  Heng

  First of all lets discuss load balancing....
  The type of load balancing you are using will determine which process manages the load balancing. If you are using Response time (per server or per component response time) or round robin (regular or weighted) the web connector does the load balancing. If you are using User Defined (iAS based) load balancing then the kxs process becomes involved with load balancing of requests since the "Load Balancing System" is part of the kxs process.
  Now for Dsync and how it impacts load balancing.
  When a server is a sync primary or a sync backup role it is doing more work. For the sync primary the extra work is making sure the backup has the latest Dsync Data and processing requests from the other servers in the cluster about the Distributed data. All state/session information is updated/created/deleted on the sync primary, when this happens the sync primary immediately updates the sync backup(s) with this new information. As you can guess managing the Dsync information and making the updates to the sync backups causes extra processing on the sync primary, so this will impact the overall performance of the machine (whether it be in server load or response time of processing). All lookup of state/session information is done on the sync primary only so the more lookups/updates you have to more impact on the server.
  The sync backup(s) also have the extra work of managing their copy of the Dsync Data which will impact server performance but to a lessor degree of the sync primary.
  Ultimately the extra overhead involved does have an impact on loadbalancing due to the extra load on the sync primary and sync backups.
  Hope that helps,
  Chris Buzzetta

• Cluster not load-balancing, ideas?

  I've been struggling to identify why my JMS producers are not load-balancing against a remote cluster.
            I've ruled out the producer as being the problem (I see the same non-load-balancing behavior regardless of what I use to create messages - Hermes, ALSB, simple Java producer...) I also don't think the JMS Connection Factory config is the problem, judging by the help I've received from folks over on the jms forum.
            I believe something is wrong with our cluster setup because in addition to the problem I just mentioned, we also are not seeing JNDI entries propagate to all managed servers - for example, if I create one jms queue on m1, that queue does not appear in the jndi tree on m2.
            I've been trying to find any documentation on what settings I should look at to verify the cluster configuration. If I go through the WLS console and look at the Cluster settings, I see both managed servers there, is there some other place that the configuration could be messed up?
            Added 6/11, 9:30 am:
            We're focusing on multicast now as the most likely problem. Can anyone tell me whether clusters on the same multicast address but different ports will interfere with each other? It looks like the infrastructure team has set up 5 clusters like that (same multicast address in each cluster, but different ports).
            We've got a ticket open with BEA but it's been two weeks now and nothing except requests for more information.
            Any ideas/help are much appreciated!
            Meghan
            Edited by pietila at 06/11/2008 7:38 AM

  Meghan Pietila wrote:
            > I've been struggling to identify why my JMS producers are not load-balancing against a remote cluster.
            >
            > I've ruled out the producer as being the problem (I see the same non-load-balancing behavior regardless of what I use to create messages - Hermes, ALSB, simple Java producer...) I also don't think the JMS Connection Factory config is the problem, judging by the help I've received from folks over on the jms forum.
            >
            > I believe something is wrong with our cluster setup because in addition to the problem I just mentioned, we also are not seeing JNDI entries propagate to all managed servers - for example, if I create one jms queue on m1, that queue does not appear in the jndi tree on m2.
            >
            > I've been trying to find any documentation on what settings I should look at to verify the cluster configuration. If I go through the WLS console and look at the Cluster settings, I see both managed servers there, is there some other place that the configuration could be messed up?
            >
            > Added 6/11, 9:30 am:
            > We're focusing on multicast now as the most likely problem. Can anyone tell me whether clusters on the same multicast address but different ports will interfere with each other? It looks like the infrastructure team has set up 5 clusters like that (same multicast address in each cluster, but different ports).
            >
            > We've got a ticket open with BEA but it's been two weeks now and nothing except requests for more information.
            >
            > Any ideas/help are much appreciated!
            >
            > Meghan
            >
            > --
            > Edited by pietila at 06/11/2008 7:38 AM
            You could be right. I think we have had problems where the same IP but
            different ports were used for multicast. This is on 8.1 though.
            I think as a rule, it's best to have a different ip and port for each
            cluster.
            Also - can you be sure that no one else is using the multicast addresses
            on the network for anything else - we had someone bring up a test
            cluster using our addresses which caused a few issues and took a while
            to find! We also have security cameras which also use multicast, which
            if they are using the same address/port can cause issues!
            We're using 239.192.1.4:8001 for one cluster and 239.192.1.3:7001 for
            the other - I think it's best to keep those as different as you can.
            In 8.1, there is also the multicast monitor utility - there's a support
            pattern on e-support on how to diagnose it. I've found this useful in
            the past when I've suspected a cluster issue.
            https://support.bea.com/application_content/product_portlets/support_patterns/wls/MulticastErrorsPattern.html
            Check also that you're using a valid range for the address - we weren't
            for a while and had odd problems from time to time.
            There are also cluster debug flags available which you'll see listed in
            the support document.
            Are you seeing dropped multicast packets?
            Hope that helps.
            Pete

• OAM 11g integration with Demantra, VCP and APCC

  I have a requirement here to implement SSO between the following applications using the OAM 11.1.1.5
  1.     Oracle e-Business Suite 12.1.3 (iSupplier, iReceivables and iStore)
  2.     VCP ( Value Chain Planning )
  3.     Demantra
  4.     APCC ( Advanced Planning Command Center )
  I am following the below url for configuring the OAM with Oracle e-Business Suite to implement SSO.
  https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=BULLETIN&id=1309013.1
  And VCP, demantra and APCC applications have been deployed independently on it’s own application servers on three different hosts.
  I am trying to figure it out the SSO implementation approach for these 3 applications. I would like to know whether Oracle has got any out of box SSO implementation techniques for these applications as EBS. I would appreciate if someone shares oracle document links related to this integration.
  I am seeking experts suggestion on this to proceed further.

  David,
  Your Principal name should be the SSO LB URL.(ie :sso.mycomany.com)
  ktpass -princ HTTP/sso.mycomany.com@DOMAIN -pass XXXXXXX mapuser DOMAIN\user -out oam.keytab.
  Also make sure sso.mycomany.com has a reverse DNS configured correctly.
  you can check using dig command
  ping sso.mycomany.com
  What ever the ip-address
  dig -x <IP-ADDRESS>
  Check in the reverse DNS section there should be 1 record.
  ;; ANSWER SECTION:
  1.1.1.1.in-addr.arpa. 3600 IN PTR sso.mycomany.com.
  Let me know if you have more questions.
  Thanks
  Saurabh

• Weblogic cluster software load balancer

  Hi,
  We are currently using Weblogic domain as a Proxy Plug-In for High Availability test as it’s explained in this blog http://andrejusb.blogspot.com/2009/04/weblogic-load-balancing-for-oracle-adf.html.
  Its working fine for POC project but what software load balancer would you recommended for production environment on Linux? (Assume that we don’t have a hardware load balancer).
  - Oracle active-passive OHS web-tier clustering.
  -Using Linux open source Linux Software(e.g. HAProxy and KeepAlived as explained here http://biemond.blogspot.com/2010/04/high-availability-load-balancer- for.html
  -Using any other software load Balancer
  I would appreciate if anybody can provide some recommendations/links etc.
  Thanks
  Alex

  Hi Alex,
  Yes you should never use HttpClusterServlet, not even for fun ;-)
  We use mod_wl (Web Server Plug-In) for Apache for several customers and that works fine.
  Check this:
  http://docs.oracle.com/cd/E23943_01/web.1111/e14395/toc.htm
  Regards Peter

• Cluster without load balancer?

  Can two FMS interactive servers work this way:
  1. they both serve the same VOD flv file existing on both
  machines
  2. whe one server gets X users connected, next user (X+1) is
  routed to the next server
  3. there is no hardware for the load balancer
  Is this possible and if it is, how?

  Yes.... it's possible, but there's nothing built-in to FMS to
  handle it. You need to write your own application to do it.
  I like to handle this by building a little app that polls the
  admin service of each involved server once a second or so, and
  retrieves stats about the application instances i need to keep
  track of (we'll call it the "load balancer app" . In this
  application, I include functions to loop through the stats data for
  each server, and determine which is the most logical to send the
  next client to.
  On the client side, I first connect to the load balancer app,
  providing an identifier for the application I want to connect to as
  an argument in the connect() call. The load balancer makes the best
  server determination, and returns the host name of the target
  server. The client then disconnects from the load balancer, and
  connects to the target host.

• OAM 11g BP02 with Kerberos is not working on AIX

  Hi,
  We are trying to configure OAM 11g with Kerberos on AIX with no success..
  Resource is protected according to OAM documentation guide but the oam logs shows the following:
  [2012-08-28T00:03:22.305-05:00] [oam_server1] [TRACE] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread:
  '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000J_fbCuS9h^k5kzWByZ1GF532
  00000G,0] [APP: oam_server] [SRC_METHOD: log] [SRC_CLASS: oracle.security.am.engines.common.adapters.OAMLoggerImp
  l] Authentication Failed.[[
  javax.security.auth.login.LoginException: Bad JAAS configuration: bad URL /home/oracle/oam.keytab
  Error java.net.MalformedURLException: no protocol: /home/oracle/oam.keytab
  at com.ibm.security.jgss.i18n.I18NException.throwLoginException(I18NException.java:5)
  at com.ibm.security.auth.module.Krb5LoginModule.j(Krb5LoginModule.java:537)
  at com.ibm.security.auth.module.Krb5LoginModule.b(Krb5LoginModule.java:146)
  at com.ibm.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:274)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
  at java.lang.reflect.Method.invoke(Method.java:611)
  we are using OAM 11g BP 02.
  oam-config.xml is configured as follow:
  <Setting Name="KerberosModules" Type="htf:map">
  <Setting Name="6DBSE52C" Type="htf:map">
  <Setting Name="keytabfile" Type="xsd:string">/home/oracle/oam.keytab</Setting>
  <Setting Name="krbconfigfile" Type="xsd:string">/etc/krb5/krb5.conf</Setting>
  <Setting Name="name" Type="xsd:string">Kerberos</Setting>
  <Setting Name="principal" Type="xsd:string">HTTP/myssoserver@mydomain</Setting>
  </Setting>
  </Setting>
  Please let me know how to get this resolved. Thanks in advance.
  Regards.

  David,
  Your Principal name should be the SSO LB URL.(ie :sso.mycomany.com)
  ktpass -princ HTTP/sso.mycomany.com@DOMAIN -pass XXXXXXX mapuser DOMAIN\user -out oam.keytab.
  Also make sure sso.mycomany.com has a reverse DNS configured correctly.
  you can check using dig command
  ping sso.mycomany.com
  What ever the ip-address
  dig -x <IP-ADDRESS>
  Check in the reverse DNS section there should be 1 record.
  ;; ANSWER SECTION:
  1.1.1.1.in-addr.arpa. 3600 IN PTR sso.mycomany.com.
  Let me know if you have more questions.
  Thanks
  Saurabh

• Load balancing to a WLS 8.1 cluster with BigIP 9.0

  We are experiencing a problem load balancing to our 8.1 cluster using f5's 1500 with BigIP 9.02. The cluster is not configured with any failover capability; we are have configured the BigIP with active cookie insertion persistence; all is well untill we take down one of the nodes in the cluster; any session associated with that node via the load balancer is bounced repeatedly between the two remaining nodes; the only solution appears to be to close all browser instances and open a new one. Has anyone experienced this behavior and have some suggestions ?

  We are experiencing a problem load balancing to our 8.1 cluster using f5's 1500 with BigIP 9.02. The cluster is not configured with any failover capability; we are have configured the BigIP with active cookie insertion persistence; all is well untill we take down one of the nodes in the cluster; any session associated with that node via the load balancer is bounced repeatedly between the two remaining nodes; the only solution appears to be to close all browser instances and open a new one. Has anyone experienced this behavior and have some suggestions ?

• OAM 11g throws error when user store is changed

  We have OAM 11g integrated with OIF 11g as the SP. We need to change the OAM User store from OID to OVD. I added a new User store in the OAM console and set that as the default store. In the OAM console, under System Configuration -> Common Configuration -> Data Stores -> User Identity Stores, I added the OVD repository we want to use and set it as the default store. When I make this change in OAM data stores, OAM throws an error.
  On the browser I see the error: System error. Please re-try your action. If you continue to get this error, please contact the Administrator.
  In the OAM diagnostic logs, I see the following errors:
  [2012-08-11T08:37:27.016-04:00] [oam_server1] [ERROR] [OAMSSA-20005] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Error initializing User/Role API : null.
  [2012-08-11T08:37:27.021-04:00] [oam_server1] [WARNING] [OAMSSA-20007] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Unable to connect to the User Store. User Store may not be initialized : Error initializing User/Role API : null..
  [2012-08-11T08:37:27.021-04:00] [oam_server1] [ERROR] [OAMSSA-12126] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Cannot assert the username from DAP token.
  The user exists in OVD and appropriate attributes have been set.
  Comparing the trace for the two, in the OID trace, I see a 302 for the URL at /oam/server/dap/cred_submit. In the OVD trace, I see a 200 for the same URL.
  Following is a successful request when OID is set as the default user store:
  GET /oam/server/dap/cred_submit?osso_sassoToken=v1.0%7ENEVGMzBGMUJFRTdGRkM0NjQxREFFQn5GODdEQjFEMjczMjZCQjFCQTZEQTlDQTI5RDA3RTA0QTQ2OThEQzdEfjRCMDk0OUE1RjgyNjcwRkU2M0E3OTM5QjI1OTlCMzdEfmRiYzEzMDFiMWMxOTFiMDA5ZmM3YWM5MTFjNjM5MDhjNTgwMzZjMzYyZDZhZTQ3OTY5ZGRiNTllYmVlMTUwMjkxYTY4MzQwZjU2ZGEwMmNhMmE4YTM0YWUwNmUxMjY4MzE5NmFkNjM4YzIwOTliMWZmM2NmZTRhMjYyYmU2N2M1MDEwYWY5OWFmOWU1NTg5NGIyYTVjYWRkOGRlMDI5NjVjN2I2YzM5YTJjMDU1NmU5OTJkMzU4Y2RlYzAxNmU4MWZjMDRiYjFjM2RhYTAzYzliNDIwNjQzOTZlNzZlMzZhOTMwZjI4YTAyMzdmMTI1NjVjOTcwYTk1NzFkZDMzNzQ%3D HTTP/1.1
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
  Referer: http://hostname.idpdomain.com/fed/user/?refid=id-5RtbGMaw6NfaaPUgth-wxZwxY5Q-
  Accept-Language: en-us
  UA-CPU: x86
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
  Host: hostname.spdomain.com:14101
  Connection: Keep-Alive
  Cache-Control: no-cache
  HTTP/1.1 302 Moved Temporarily
  Connection: close
  Date: Sat, 11 Aug 2012 12:42:32 GMT
  Transfer-Encoding: chunked
  Location: https://www.google.com
  Set-Cookie: OAM_ID=VERSION_4~8u5oPtHwZW/uJbd8ybw87A==~I2VDurl3pyBxQdHBmwHXXu5AabtNgaGcQx1FJ6v3sVzuoU0WOvMyDi40pizUWNrSIUkCIrl7Fc6cumRyKUAU0yHSHEtzwtiGO3bmiC7rOXKglLnO9Iw0eNUATA1AuJ7m9a6JxE5fX2vDFDYzk/H9eK5/74mO9TKNP0HTcKF6NzEluuTT3sRlQH3dAzBhPouTCO6yMmd00SmQEhrQxCpUc+ec78GFQgfKrE+6mDNTFSO9gHEB0JQ+xzGzzsr34BDCTB2FC41d0Q3tTGXANSHHRg==; path=/; secure; HttpOnly
  Set-Cookie: OAM_REQ=invalid; path=/; secure; HttpOnly
  X-ORACLE-DMS-ECID: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000042d
  X-Powered-By: Servlet/2.5 JSP/2.1
  Following is a failed request when OVD is set as the default user store:
  GET /oam/server/dap/cred_submit?osso_sassoToken=v1.0%7ENEVGMjRDREUyNUU4QTI1REUwMzVGM344MzRCNTU5RTNCREM1MjFBMjFBRDQ4MTBBNjMzMTI5QzM0MUU5RjI5fjA4ODY1M0JENjg1ODk1MTZDNUVGQjU0NTYwRjg5OEREfjYyMWE3NzhjMzUwMmVhODQ5MWRkMGIyYTBkYmM1MGU0ZDlmZTA0ZjE1NDBhMDVkOGM3ZWIwOGUzNGY3ZDhiNTBhMTNkMjY0MDliMGZmMmY2MzJjZGZjM2UzNzgzNzQ3YzM3OTIwYjlkMmNhZWY0ZDQ2M2MyYzE1NWM2MDkxMjI4MjU0NTEyZDIzODU3NTBlZjI4MjRlZTAzOWFkYmMxYTVmZWE3NTk5NTRlMGY3NTkyNjE5YTRkM2U3OTczZjZiMThmYzgxODg2MzM3ZDg5NzQ2NWUxYmZhNThjOGVmN2VhZmI5OGRiMDNiZmJmZGJjOWUzZmNjYTU1N2U5OWVjMDQ%3D HTTP/1.1
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
  Referer: http://hostname.idpdomain.com/fed/user/?refid=id-R5gYcX-W8o6-bQSR2IIYdkQLLKA-
  Accept-Language: en-us
  UA-CPU: x86
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
  Host: hostname.spdomain.com:14101
  Connection: Keep-Alive
  Cache-Control: no-cache
  HTTP/1.1 200 OK
  Cache-Control: no-cache, no-store
  Date: Sat, 11 Aug 2012 12:37:26 GMT
  Pragma: no-cache
  Content-Length: 2051
  Content-Type: text/html; charset=UTF-8
  Expires: 0
  Set-Cookie: OAM_JSESSIONID=0VksQmSHwhpr2vT33Kq1ZgqWgxrtk2BXxpr4PgmL1LwThMxYSlKQ!-450564370; path=/; HttpOnly
  X-ORACLE-DMS-ECID: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f
  X-Powered-By: Servlet/2.5 JSP/2.1

  Hi AV,
  we had the same problem
  the reason was a wrong definition in cutomizing
  Partner Processing -> Define Partner Determination Procedure -> User Interface Settings
  there for the relevant procedure we had to define this sequence of functions :
  1. Activity Partner
  2. Contact Partner
  3. Employee Responsible
  4. Sales Representative
  Regards
  Meinrad