Domain Administration Server HA

Greetings,
I'm in the process of setting up a Appserver cluster, with four nodes.
Originally I planned to install domain administration server on one machine, then install nodeagents on all four machines.
I was going to create a cluster and add the node agents.
However, what I have run into is, if I lose the machine that is the domain adminstration server, what will I do?
Can I install domain adminstration servers on multiple machines and manage the same cluster configuration? do I just need to mirror the "domains" directory to another server, and if that macine fails I can start that domain on another machine?
I guess my questions would be what the best practices are for deploying applications server cluster and how to maintain high availability on the administration servers.
I'm using Version 8 Enterprise Addistion btw.
Thanks in advance!
Jeremy
3nt3r 7h3 r341m http://www.society86.com
What the blog?! http://trellipses.blogspot.com

I am in the same place as Jeremy and would like an answer to his question.
Also regarding recreating the the DAS:
Lets say you set up a cluser with 2 server instances across 2 machines with the Admin (DAS) server on the first nodeagent/server instance machine. Can you use the second nodeagent/server instance machine as the backup machine to recreate the DAS? If so, any special instructions? I certainly do not want to have to involve a 3rd machine.

Similar Messages

Cannot connect to Domain\administrator from ny RDC after assigning an active directory domain to my server

hi, I'm using windows server 2012 R2 and I was Just wondering how to make the Remote Desktop enable connection through domain\administrator before actually creating the domain... In other words, I wanted to create an Active Directory Domain User and connect
to the server from the RDP. The problem is that I can only connect through the RDP considering that I'm using Windows Azure, so the physical server isn't actually sitting on my desk... Anyway when I create an AD DS the system automatically reboots and I'm
not able to connect to it anymore, so all I need to do right now is enable somehow the Remote Desktop Services to connect through "Domain\Administrator" before I actually create the AD DS and assign it to my server so that when the system reboots
and I open the RDP I can connect to the server.
Thanks in advance.

Hi,
Thank you for posting in Windows Server Forum.
As per your comment, it seems that you are managing the server with .RDP file. I can suggest you to run
"Remote Desktop Connection Manager” for maintaining server. With that you can specify the credential for domain\administrator and when you setup the AD DS, after that you can open the connection through domain\administrator and not as local user.
Hope it helps!
Thanks,
Dharmesh

Built-in domain Administrator account not given full access to new Exchange 2013 server

I migrated from Exchange 2010 to 2013 over the weekend. I cannot log into the EAC with my domain administrator account I use to log into all my other servers. I also cannot run the clean-mailboxdatabase cmdlet logged in as this user. I
had no trouble moving mailboxes from the old server to the new server with this account though.
This account is a member of: Domain Admins, Enterprise Admins, Exchange Full Admin, Exchange Organization Admin, Organization Management, Schema Admins, Server Management.
I can log into the EAC with another admin account that has the same memberships as the Administrator account.
I tried giving the account the role of "Databases" as suggested by others to fix the clean-mailboxdatabase issue but that did not work for me either.
The Administrator mailbox has been moved to the new database on the Exchange 2013 server. The Exchange 2010 has been decommissioned and is turned off.

Hi,
Based on my research, to retrieves the mailbox statistics for the disconnected mailboxes for all mailbox databases in the organization, we can try the following command:
Get-MailboxDatabase | Get-MailboxStatistics -Filter 'DisconnectDate -ne $null'
http://technet.microsoft.com/en-us/library/bb124612(v=exchg.150).aspx
Additionally, The Identity parameter specifies the disconnected mailbox in the Exchange database and it can be display name instead of mailbox GUID.
http://technet.microsoft.com/en-us/library/jj863439(v=exchg.150).aspx
Hope it can help you.
Thanks,
Angela Shi
TechNet Community Support

Limit Administrator Access to only OS Level functions on a Windows 2003 (and up) Domain Controller Server

I have read several articles such as:1.  <a href="http://social.technet.microsoft.com/Forums/windowsserver/en-US/9c723f4a-51a7-4844-9dc6-0017355d694c/limited-administrative-on-domain-controller?forum=winserverDS">http://social.technet.microsoft.com/Forums/windowsserver/en-US/9c723f4a-51a7-4844-9dc6-0017355d694c/limited-administrative-on-domain-controller?forum=winserverDS</a>2. 
Active_Directory_Delegation.docConsider that a domain controller, doing no other functions than domain based functions (ie no file server, printer or app server) - is managed in two parts:  The OS-only level, to read log files,
server health monitoring, install OS-level Micrsoft security patching and the second part being Domain management level - Users and Computers, Domains and Trusts, etc).For a given domain controller server, an outsourced support group needs
to be responsible for the OS-only level access - they need no access to the Domain management level functions so they can fufill contractual obligations (SLAs) for server uptime, patching etc.  For the same given domain controller
server above, there is an internal (non-outsourced) support group that will perform all Domain management level functions only.  They want to manage the Domain on the Domain Controller servers, want the Outsourcer to manage the VM and OS-related tasks,
but DO NOT want them to be able to access and change information in Users and Computers, Domains and Trusts etc.  With that explaination, would putting the Outsourcer's AD-based account IDs in the Server Operators group alone be
sufficient to allow OS-level management, like patching, reboots, etc but disallow access to Domain Management functionality (Users and Computers etc) - or does it need to be a combination of built in groups and delgated rights?Please consider
that I am seeking a technical solution here - do not respond with "either trust your Domain Administrators or keep your junior admins from the server" as that is not a viable solution.  
Jason B. Allen

Hi Jason,
According to your description, you want to assign the OS-level management and Domain management rights to two groups separately, right?
Based on my research, members of Server Operators group don’t have sufficient rights to install updates for Domain Controllers, you can refer to this article below:
Default groups
http://technet.microsoft.com/en-us/library/cc756898(v=WS.10).aspx
You can configure Allow non-administrators to receive update notifications group policy so that non-administrative users will be able to install all optional, recommended, and important updates content for which
they received a notification, except some updates which contain User Interface, End User License Agreement and so on, which still require domain admin credentials.
To enable non-administrator users the ability of logging onto and shutting down DCs,
Allow logon locally and Shut down the System rights should be granted.
In addition, reading logs and monitoring server performance rights are included on Performance Log Users and Performance Monitor Users groups.
More information for you:
Step 5: Configure Group Policy Settings for Automatic Updates
http://technet.microsoft.com/en-us/library/dn595129.aspx
User Rights Assignment
http://technet.microsoft.com/en-us/library/cc780182(v=WS.10).aspx
I hope this helps.
Amy Wang

Administration Server in Domains

I have a domain with one Administration Server and some Managed Servers and I want
to controll the state of each Managed Server (running or not) from outside.
Is it possible to manage each Managed Server also if the Administration Server
is not active?
Or in this case is it necessary to controll directly each Managed Server state?

Hi Deepak,
Unfortunately the server logs do not show any problems, errors or exceptions. The server just hangs and stops responding! It does not seem to crash though, it just hangs... When I point a browser to the URL served by the server, the browser doesn't tell "connection refused"; rather it shows a white screen as though it is waiting for reply but never gets it. Logs do not show any activity on the server side (neither access.log nor server log).
I understand this is a subtle situation where you need more details to figure out what's going on. Please ask me more specific questions and I will gladly provide you with answers.
Maybe there are more files I need to look in, or maybe there are some system/JVM settings you are interested in.
Sincerely,
Sergei Batiuk.

Server restrict from domain administrator account

I have a server 192.168.1.XXX which is added in AD domain but I would like to restrict this server from domain administrator account.
192.168.1.XXX server will be access by local account only.
Please help..

I have a server 192.168.1.XXX which is added in AD domain but I would like to restrict this server from domain administrator account.
192.168.1.XXX server will be access by local account only.
Please help..
You received some great suggestions and info. Curious, why would you want to remove the domain admin account from accessing the server?
Maybe a stand alone server may be a better solution? You can still access domain resources from a stand alone using specific domain accounts, but the machine won't be joined to the domain preventing the domain admin account from accessing it.
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Connecting managed server to cluster's administration server

Hello,
I have a problem when trying to connect managed server to cluster's
administration server.
When starting the managed server I get a security exception:
[javax.naming.AuthenticationException [Root exception is
java.lang.SecurityException: Administrators must log in over admin port with
admin protocol.]]
weblogic.management.configuration.ConfigurationException: admin URL:
t3://192.168.14.15:7001 - with nested exception:
[javax.naming.AuthenticationException [Root exception is
java.lang.SecurityException: Administrators must log in over admin port with
admin protocol.]]
at
weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:893)
at weblogic.management.Admin.start(Admin.java:303)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
I get the same result when testing the connection setup with
java weblogic.Admin -url 192.168.14.15:7001 -username system -password xyz
CONNECT 1
Background for this problem:
I'm trying to evaluate WLS6.0 clustering for my RMI services. I have two
machines setup with my test domain (DEdomain) and one cluster (DECluster)
within it.
In administration server (machine A) I defined two servers to be run in
machine A and machine B:
DEserver2 in machine B (to be started as managed server) and DEserver3
in machine A
I'm going to bind a same service into these above servers of my DECluster.
In machine B's startManagedWeblogic.sh I have:
java -ms64m -mx64m -classpath
$CLASSPATH -Dweblogic.Domain=DEdomain -Dweblogic.Name=$SERVER_NAME -Dweblogi
c.management.server=$ADMIN_URL -Djava.security.policy==$WL_HOME/lib/weblogic
.policy -Dweblogic.management.username=system -Dweblogic.management.password
=$WLS_PW weblogic.Server
In machine A I have administration server DEserver1 listening port 7001.
And for the domain and cluster building I followed all relevant e-docs
manual pages. It's still somewhat blurry what kind of preparations I have to
make in managed server side to join the domain; for example do I have to
have identical domain directory structure within machine B and do I have to
configure something with admin console or is everything handled by
connecting to the administation server and reading the domain's config.xml
from machine A.
I'm sure I have missed some fundamental idea for building clustered services
and would greatly appreciate if someone had any good tips or ideas.
Best regards,
Harri

Hi Kumar,
and thank you. That fixed my problem
Best regards,
Harri
"Kumar Allamraju" <[email protected]> wrote in message
news:[email protected]...
It appears you had set the administration port & listen port on the admin
server.
Logging onto admin server via admin port is broken currently. I wouldsuggest
you to set only listen port
and see how that goes.
Kumar
"Harri Töhönen" wrote:
Hello,
I have a problem when trying to connect managed server to cluster's
administration server.
When starting the managed server I get a security exception:
[javax.naming.AuthenticationException [Root exception is
java.lang.SecurityException: Administrators must log in over admin portwith> > admin protocol.]
weblogic.management.configuration.ConfigurationException: admin URL:
t3://192.168.14.15:7001 - with nested exception:
[javax.naming.AuthenticationException [Root exception is
java.lang.SecurityException: Administrators must log in over admin portwith> > admin protocol.]
at
weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:893)
at weblogic.management.Admin.start(Admin.java:303)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
I get the same result when testing the connection setup with
java weblogic.Admin -url 192.168.14.15:7001 -username system -password
xyz
CONNECT 1
Background for this problem:
I'm trying to evaluate WLS6.0 clustering for my RMI services. I have two
machines setup with my test domain (DEdomain) and one cluster(DECluster)
within it.
In administration server (machine A) I defined two servers to be run in
machine A and machine B:
DEserver2 in machine B (to be started as managed server) andDEserver3
in machine A
I'm going to bind a same service into these above servers of myDECluster.
>>
In machine B's startManagedWeblogic.sh I have:
java -ms64m -mx64m -classpath
$CLASSPATH -Dweblogic.Domain=DEdomain -Dweblogic.Name=$SERVER_NAME -Dweblogi
>>
c.management.server=$ADMIN_URL -Djava.security.policy==$WL_HOME/lib/weblogic
>>
.policy -Dweblogic.management.username=system -Dweblogic.management.password
=$WLS_PW weblogic.Server
In machine A I have administration server DEserver1 listening port 7001.
And for the domain and cluster building I followed all relevant e-docs
manual pages. It's still somewhat blurry what kind of preparations Ihave to
make in managed server side to join the domain; for example do I have to
have identical domain directory structure within machine B and do I haveto
configure something with admin console or is everything handled by
connecting to the administation server and reading the domain'sconfig.xml
from machine A.
I'm sure I have missed some fundamental idea for building clusteredservices
and would greatly appreciate if someone had any good tips or ideas.
Best regards,
Harri

How to Reset Windows 2008/R2 Domain Administrator Password

How to Reset Windows Server 2008/R2 Domain Administrator password if forgot or lost it?
It is annoying and bad to forget a Windows Server 2008/r2 Domain administrator login password. It is troublesome unless you have that Windows Server 2008/r2 password reset disk. We can still find several tricks to reset Windows Server Domain password but they require a mass of operations and waste a lot of time. For example, you can reset Windows Server 2008/R2 domain administrator password with an installation disk but it requires you to type a mass of command line. So today I want to share everyone an omnipotent method to reset Windows Server 2008/R2 Domain/local administrator password. You need the following 3 things.
An accessible PC.
A USB/CD/DVD flash drive.
The Windows password reset tool Daossoft Windows Password Rescuer.
Then it requires 4 steps as below:
Step 1: Download and install Daossoft Windows Password Rescuer into that accessible computer.
Step 2: Burn it to the flash drive.
Step 3: Boot your Windows Server computer from the flash drive.
Step 4: Follow its instruction and click “Reset Password” button to reset your Windows 2008/R2 Domain/Local administrator password.
More details in this video: Windows Server 2008 R2 Password Reset - Reset Domain or Local Password.

It wasn't difficult to reset the domain password and I think Microsoft's policy of not providing an easy forward way is to create an
illusion of security which is not there. Linux systems that are much more secure that MSFT software allow easy password reset when physical access is there so why not include the same tools in System Repair tools or using F8?
Anyhow, this guide helped me reset the password in 5 minutes. Read the bottom of it to find the scripted / automatic version of the process:
http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
Thanks,

Domain Administrator account being locked up by PDC

Hi everyone,
My PDC is locking up my domain administrator (administrateur in french) account.
System event logs :
The SAM database was unable to lockout the account of Administrateur due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please
consider resetting the password of the account mentioned above.
Level : Error
Source : Directory-Services-SAM
Event ID : 12294
Computer : Contoso-PDC
User : System
There is absolutely no events in the security events log, not a single "Audit Failure" event for the "administrateur" account.
I tried to change the name of the domain administrator account from "administrateur" to "administrator".
Now there is "Audit failure" events poping up in the security event logs.
Once again the Source Workstation is the PDC. I guess those events are there because it receive credential validation for an account who doesn't exist anymore since it have been renamed in "Administrator".
Here is the detail log :
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Administrateur
Account Domain: CONTOSO
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: CONTOSO-PDC
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
On the PDC i checked :
Services : None of them are started with the "administrateur" account
Network Share : There is no network share ...
Task Scheduler : None of the tasks are launch with the "administrateur" account.
And the logon type (3:network) seem to indicate that the login comes from an other computer but i have nothing to look for, not a single IP.
Any ideas?
ps : Sorry for the probable english mistakes :(

Hi,
Thanks for you answers.
San4wish :
Lockout tool confirm that the domain administrator account is locked on my PDC. I didn't run eventcomb but i though it only helped parsing security event logs which i did "manually". Anyway i'll try eventcomb after this week end.
About the conficker worm : I looked into it and this worm was exploiting a vulnerability in the server service. It have been patched by MS08-067 (KB958644) and this kb isn't available for Windows 2008 R2 and Windwos 2012 so i guess Windows 2008 R2 have
fixed this vulnerabilty.
So i doubt its a conficker type worm.
Also i gave the PDC role to another DC (let's call him DC2) and now DC2 is locking the administrator account so it seems that the computer locking the account is doing it through the network and it's not something executed on the DCs.

Windows 7 64-bit Pro not connecting to SQL Server on domain Windows Server 2008 R2 Standard

I am upgrading computers from Windows XP Professional to Windows 7 Professional but I have a problem getting one of the stock control software programs we use to connect to our SQL Windows Server 2008 R2 Standard from the new Windows 7 computers.
Our computers are connected to a domain and so is the SQL Server. The Windows XP computers allows each standard domain user to log on and connect to the SQL Server via the stock control software program.
But on the Windows 7 Pro computers standard domain users can't connect to the SQL Server but the domain administrator accounts on the same Windows 7 Pro computers can connect to the SQL Server via the stock control program.
I have setup the server alias, server name and port number via the SQL Server Client Network Utility (cliconfg.exe) so I know this isn't the problem as it works when I am logged on as domain administrator.
It seems to be something to do with domain user permissions and Windows 7 Pro. There seems to be a change from Windows XP Pro to Windows 7 Pro that doesn't allow standard domain users to connect to an SQL Server. But I can't find anything about this and
can't workout how to fix it except to make all the users domain administrators which is obviously not a good thing to do. So basically I I think I need to create a group policy that allows the users to connect to the SQL Server but I have no experience doing
this and don't know where to begin.
Thanks for all you guys help and I hope someone can provide me with the solution to this problem.

Hi,
Was there any message?
Please run the stock control software as Administrator to check if it was caused by UAC.
If it could run as administrator, please add the standard domain user to local administrator.
Karen Hu
TechNet Community Support

EAS server error: Could not connect to administration Server

Hi,
I have installed Hyperion suite in Windows server 2008 R2. It was working fine but now when i tried to login in to the EAS console, I am getting the following error:
"Server Error: Could not connect to administration server".
I tried accessing the same through the web URL and I found "404 error - file or directory not found".
I verified all my services are up and running fine. I am able to connect to the essbase sever through Excel as well as planning.
The log retireved from the HyS9eas-sysout.log file is below:
<Sep 11, 2013 7:06:56 AM JST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Sep 11, 2013 7:06:57 AM JST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Sep 11, 2013 7:06:58 AM JST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Oracle JRockit(R) Version R28.0.2-11-135406-1.6.0_20-20100624-2119-windows-x86_64 from Oracle Corporation>
<Sep 11, 2013 7:07:04 AM JST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.4.0 Fri Dec 17 20:47:33 PST 2010 1384255 >
<Sep 11, 2013 7:07:15 AM JST> <Emergency> <Management> <BEA-141151> <The admin server could not be reached at http://localhost:7001.>
<Sep 11, 2013 7:07:15 AM JST> <Info> <Configuration Management> <BEA-150018> <This server is being started in managed server independence mode in the absence of the admin server.>
<Sep 11, 2013 7:07:15 AM JST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Sep 11, 2013 7:07:15 AM JST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Sep 11, 2013 7:07:16 AM JST> <Notice> <LoggingService> <BEA-320400> <The log file E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\EssbaseAdminServices0\logs\EssbaseAdminServices0.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Sep 11, 2013 7:07:16 AM JST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\EssbaseAdminServices0\logs\EssbaseAdminServices0.log00410. Log messages will continue to be logged in E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\EssbaseAdminServices0\logs\EssbaseAdminServices0.log.>
<Sep 11, 2013 7:07:16 AM JST> <Notice> <Log Management> <BEA-170019> <The server log file E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\EssbaseAdminServices0\logs\EssbaseAdminServices0.log is opened. All server side log events will be written to this file.>
<Sep 11, 2013 7:07:48 AM JST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Sep 11, 2013 7:07:56 AM JST> <Warning> <JTA> <BEA-110503> <The migrator(the AdminServer for manual JTA migration policy, or the Singleton Master for automatic JTA migration policy) is not available. Will skip JTA TRS failback because isStrictOwnershipCheck is [false]. This may lead to potencial TLOG corruption if TRS of EssbaseAdminServices0 has been migrated to backup server and the backup server is accessing the TLOG of EssbaseAdminServices0. More safety can be achieved by setting isStrictOwnershipCheck to [true].>
<Sep 11, 2013 7:08:35 AM JST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<Sep 11, 2013 7:08:35 AM JST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@9830ac
Calling getDomainConfiguration()
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@9830ac
Calling getRuntimeService()
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@9830ac
return com.bea:Name=RuntimeService,Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean
return com.bea:Name=EPMSystem,Type=Domain
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@9830ac
Domain location is 'E:\Oracle\Middleware\user_projects\domains\EPMSystem'
Calling getRuntimeService()
return com.bea:Name=RuntimeService,Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@9830ac
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@9830ac
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@9830ac
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@9830ac
Checking E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\EssbaseAdminServices0\registry_update.xml file
EPM_ORACLE_HOME: E:\Oracle\Middleware\EPMSystem11R1
Template for EAS#11.1.2.0: E:\Oracle\Middleware\EPMSystem11R1\common\templates\applications\epm_eas_11.1.2.1.jar
Dependencies for E:\Oracle\Middleware\EPMSystem11R1\common\templates\applications\epm_eas_11.1.2.1.jar: [Oracle EPM Common, Oracle EPM Calcmgr, Oracle EPM Planning libraries, Oracle EPM EAS libraries, Oracle EPM Misc libraries, Oracle EPM Xerces libraries]
BPMUI shared webapp not referenced from EAS#11.1.2.0
Application name: EAS#11.1.2.0
Application source: eas.ear
Server name: EssbaseAdminServices0
Server port: 10080
Server SSL port: 10083
Application context: eas
Registry product type: ESSBASE_PRODUCT
Registry physical web application type: ADMIN_SERVICES_WEB_APP
weblogic.Name property is 'EssbaseAdminServices0', seems to be WebLogic mode
registry.isRegistryDatabaseCreated()true
Registry was initialized sucessfully
Executing pre custom update for EAS#11.1.2.0
EPM_ORACLE_INSTANCE: E:\Oracle\Middleware\user_projects\epmsystem1
<Sep 11, 2013 7:09:06 AM JST> <Error> <Deployer> <BEA-149205> <Failed to initialize the application 'EAS [Version=11.1.2.0]' due to error java.lang.NullPointerException.
java.lang.NullPointerException
at java.io.File.<init>(File.java:222)
at com.hyperion.hit.tool.deploy.update.util.RegistryHelper.createPhysicalWebApp(RegistryHelper.java:168)
at com.hyperion.hit.tool.deploy.update.RegistryUpdater.update(RegistryUpdater.java:36)
at com.hyperion.hit.tool.deploy.update.RegistryUpdateListener.preStart(RegistryUpdateListener.java:91)
at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.run(BaseLifecycleFlow.java:282)
Truncated. see log file for complete stacktrace
Caused By: java.lang.NullPointerException
at java.io.File.<init>(File.java:222)
at com.hyperion.hit.tool.deploy.update.util.RegistryHelper.createPhysicalWebApp(RegistryHelper.java:168)
at com.hyperion.hit.tool.deploy.update.RegistryUpdater.update(RegistryUpdater.java:36)
at com.hyperion.hit.tool.deploy.update.RegistryUpdateListener.preStart(RegistryUpdateListener.java:91)
at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.run(BaseLifecycleFlow.java:282)
Truncated. see log file for complete stacktrace
>
<Sep 11, 2013 7:09:06 AM JST> <Emergency> <Deployer> <BEA-149259> <Server 'EssbaseAdminServices0' in cluster 'EssbaseAdminServices' is being brought up in administration state due to failed deployments.>
<Sep 11, 2013 7:09:17 AM JST> <Notice> <Cluster> <BEA-000197> <Listening for announcements from cluster using unicast cluster messaging>
<Sep 11, 2013 7:09:17 AM JST> <Notice> <Cluster> <BEA-000133> <Waiting to synchronize with other running members of EssbaseAdminServices.>
<Sep 11, 2013 7:09:22 AM JST> <Warning> <Log Management> <BEA-170011> <The LogBroadcaster on this server failed to broadcast log messages to the admin server. The Admin server may not be running. Message broadcasts to the admin server will be disabled.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias DemoIdentity from the jks keystore file E:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoIdentity.jks.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file E:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoTrust.jks.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file E:\Oracle\Middleware\jrockit_160_20\jre\lib\security\cacerts.>
<Sep 11, 2013 7:09:48 AM JST> <Alert> <Security> <BEA-090152> <Demo trusted CA certificate is being used in production mode: [
Version: V3
Subject: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 512 bits
modulus: 9550192877869244258838480703390456015046425375252278279190673063544122510925482179963329236052146047356415957587628011282484772458983977898996276815440753
public exponent: 65537
Validity: [From: Fri Mar 22 05:12:27 JST 2002,
 To: Wed Mar 23 05:12:27 JST 2022]
Issuer: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
SerialNumber: [ 33f10648 fcde0deb 4199921f d64537f4]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Algorithm: [MD5withRSA]
Signature:
0000: 9D 26 4C 29 C8 91 C3 A7 06 C3 24 6F AE B4 F8 82 .&L)......$o....
0010: 80 4D AA CB 7C 79 46 84 81 C4 66 95 F4 1E D8 C4 .M...yF...f.....
0020: E9 B7 D9 7C E2 23 33 A4 B7 21 E0 AA 54 2B 4A FF .....#3..!..T+J.
0030: CB 21 20 88 81 21 DB AC 90 54 D8 7D 79 63 23 3C .! ..!...T..yc#<
] The system is vulnerable to security attacks, since it trusts certificates signed by the demo trusted CA.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "Default[6]" is now listening on 127.0.0.1:10080 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[6]" is now listening on 127.0.0.1:10083 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "Default[7]" is now listening on 0:0:0:0:0:0:0:1:10080 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[7]" is now listening on 0:0:0:0:0:0:0:1:10083 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "Default[3]" is now listening on fe80:0:0:0:0:5efe:a0e:daee:10080 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 10.14.126.11:10080 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[5]" is now listening on fe80:0:0:0:0:5efe:a0e:224b:10083 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[3]" is now listening on fe80:0:0:0:0:5efe:a0e:daee:10083 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[1]" is now listening on 10.14.126.11:10083 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "Default[5]" is now listening on fe80:0:0:0:0:5efe:a0e:224b:10080 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "Default[2]" is now listening on 10.14.34.75:10080 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[4]" is now listening on fe80:0:0:0:0:5efe:a0e:7e0b:10083 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 10.14.218.238:10083 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.14.218.238:10080 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[2]" is now listening on 10.14.34.75:10083 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <Server> <BEA-002613> <Channel "Default[4]" is now listening on fe80:0:0:0:0:5efe:a0e:7e0b:10080 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Sep 11, 2013 7:09:48 AM JST> <Notice> <WebLogicServer> <BEA-000358> <Started WebLogic Independent Managed Server "EssbaseAdminServices0" for domain "EPMSystem" running in Production Mode>
<Sep 11, 2013 7:09:48 AM JST> <Warning> <JMX> <BEA-149510> <Unable to establish JMX Connectivity with the Adminstration Server AdminServer at <JMXServiceURL:null>.>
<Sep 11, 2013 7:09:48 AM JST> <Warning> <Server> <BEA-002611> <Hostname "SJ015040", maps to multiple IP addresses: 10.14.126.11, 10.14.34.75, 10.14.218.238, 0:0:0:0:0:0:0:1>
<Sep 11, 2013 7:09:53 AM JST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Sep 11, 2013 7:09:53 AM JST> <Notice> <WebLogicServer> <BEA-000360> <Server started in ADMIN mode>
HyS9eas-syserr.log is empty and I dont find anyother details from the other log files.
Kindly help me out in solving this issue.
Thanks in advance.
Regards,
Balaji P

Hi John,
Sorry for replying late.
I ran the EPM diagnostic and found EAS & APS application are failed. So as you mentioned, i tried re-deployment through EPM configurator.
But Re-configuration fails with error "An unexpected error occurred and the application will have to shut down" .
When i looked in to the Config tool.log,I got the following messages.
[2013-09-17T18:17:04.635+09:00] [EPMCFG] [TRACE] [EPMCFG-01001] [oracle.EPMCFG] [tid: 17] [ecid: 0000K4fDMY^0zkgpxC^AyW1IE1pJ000003,0:325] [SRC_CLASS: com.hyperion.hit.tool.deploy.utils.UIPortUtil] trace: Parsing server FinancialReporting0 on port 8200 from registry
[2013-09-17T18:17:04.827+09:00] [EPMINS] [ERROR] [EPMINS-00001] [oracle.EPMINS] [tid: 17] [ecid: 0000K4fDMY^0zkgpxC^AyW1IE1pJ000003,0:325] [SRC_CLASS: com.hyperion.hit.wizard.Wizard] trace: Unexpected error:[[
java.lang.NullPointerException
at com.hyperion.hit.tool.deploy.utils.UIPortUtil.<init>(UIPortUtil.java:83)
at com.hyperion.hit.tool.deploy.utils.UIPortUtil.getInstance(UIPortUtil.java:53)
at com.hyperion.config.wizard.DeploymentField.getAppServerDeploymentData(DeploymentField.java:235)
at com.hyperion.config.wizard.DeploymentField.<init>(DeploymentField.java:56)
at com.hyperion.config.wizard.impl.DeploymentForm.<init>(DeploymentForm.java:57)
at com.hyperion.config.wizard.impl.DeploymentState.initializeBeforeShowOnNext(DeploymentState.java:56)
at com.hyperion.hit.wizard.Wizard$NextClass.run(Wizard.java:522)
at java.lang.Thread.run(Thread.java:619)
Since it is similare to the Oracle konwledge base article - (Doc ID 1570293.1), I tried adding the shared service domain to the Windows host file. But i am still recieveing the same error message as above.
Appreciates your help.
Thanks & Regards,
Balaji P

The server name osr_server1 is unknown to the administration server

I have successfully installed OSR and created WLS Domain using config.cmd. But when I try to start by command line (startManagedWebLogic.cmd osr_server1) I got the error "server is unknown". I have no idea what could be wrong.
Basically I followed http://niallcblogs.blogspot.com.br/2010/09/oracle-service-registry-and-osb11g.html.
The complete command line is:
C:\Oracle\Middleware\user_projects\domains\base_domain\bin>startManagedWebLogic.
cmd osr_server1
JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=
48m -XX:MaxPermSize=128m
WLS Start Mode=Development
CLASSPATH=C:\Oracle\MIDDLE~1\patch_wls1036\profiles\default\sys_manifest_classpa
th\weblogic_patch.jar;C:\Oracle\MIDDLE~1\patch_oepe180\profiles\default\sys_mani
fest_classpath\weblogic_patch.jar;C:\Oracle\MIDDLE~1\patch_ocp371\profiles\defau
lt\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\MIDDLE~1\patch_adfr1111\p
rofiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\MIDDLE~1\JDK
160~1\lib\tools.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic_sp.jar;C:\
Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.jar;C:\Oracle\MIDDLE~1\modules\fe
atures\weblogic.server.modules_10.3.6.0.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server
\lib\webservices.jar;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1/lib/ant-all.jar;C:\Or
acle\MIDDLE~1\modules\NETSFA~1.0_1/lib/ant-contrib.jar;C:\Oracle\MIDDLE~1\WLSERV
~1.3\common\derby\lib\derbyclient.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\x
qrl.jar;C:\Program Files\Java\jdk1.7.0_09\jre\lib
PATH=C:\Oracle\MIDDLE~1\patch_wls1036\profiles\default\native;C:\Oracle\MIDDLE~1
\patch_oepe180\profiles\default\native;C:\Oracle\MIDDLE~1\patch_ocp371\profiles\
default\native;C:\Oracle\MIDDLE~1\patch_adfr1111\profiles\default\native;C:\Orac
le\MIDDLE~1\WLSERV~1.3\server\native\win\32;C:\Oracle\MIDDLE~1\WLSERV~1.3\server
\bin;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1\bin;C:\Oracle\MIDDLE~1\JDK160~1\jre\b
in;C:\Oracle\MIDDLE~1\JDK160~1\bin;C:\Oracle\product\11.1.0\client_1\bin;C:\Wind
ows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowe
rShell\v1.0\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program File
s\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Micr
osoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft Visual Studio 9.0\Co
mmon7\IDE\PrivateAssemblies\;c:\Program Files\Microsoft SQL Server\90\Tools\binn
\;C:\Program Files\Java\jdk1.7.0_09\bin;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\nat
ive\win\32\oci920_8
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http:\\hostname:port\console *
starting weblogic with Java version:
java version "1.6.0_29"
Java(TM) SE Runtime Environment (build 1.6.0_29-b11)
Java HotSpot(TM) Client VM (build 20.4-b02, mixed mode)
Starting WLS with line:
C:\Oracle\MIDDLE~1\JDK160~1\bin\java -client -Xms256m -Xmx512m -XX:CompileThre
shold=8000 -XX:PermSize=48m -XX:MaxPermSize=128m -Dweblogic.Name=osr_server1 -D
java.security.policy=C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.policy -D
weblogic.security.SSL.trustedCAKeyStore="C:\Oracle\Middleware\wlserver_10.3\serv
er\lib\cacerts" -Xverify:none -da -Dplatform.home=C:\Oracle\MIDDLE~1\WLSERV~1.
3 -Dwls.home=C:\Oracle\MIDDLE~1\WLSERV~1.3\server -Dweblogic.home=C:\Oracle\MIDD
LE~1\WLSERV~1.3\server -Dweblogic.management.discover=false -Dweblogic.managem
ent.server=http://SISTEMA026:7001 -Dwlw.iterativeDev=false -Dwlw.testConsole=fa
lse -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=C:\Oracle\MIDDLE~1\patch_
wls1036\profiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\patch_oepe
180\profiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\patch_ocp371\p
rofiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\patch_adfr1111\prof
iles\default\sysext_manifest_classpath weblogic.Server
<19/11/2012 18h40min53s BRST> <Info> <Security> <BEA-090905> <Disabling CryptoJ
JCE Provider self-integrity check for better startup performance. To enable this
check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<19/11/2012 18h40min53s BRST> <Info> <Security> <BEA-090906> <Changing the defau
lt Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable
this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<19/11/2012 18h40min53s BRST> <Info> <WebLogicServer> <BEA-000377> <Starting Web
Logic Server with Java HotSpot(TM) Client VM Version 20.4-b02 from Sun Microsyst
ems Inc.>
<19/11/2012 18h40min53s BRST> <Info> <Security> <BEA-090065> <Getting boot ident
ity from user.>
Enter username to boot WebLogic server:weblogic_osr2
Enter password to boot WebLogic server:
<19/11/2012 18h41min23s BRST> <Info> <Management> <BEA-141107> <Version: WebLogi
c Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050 >
<19/11/2012 18h41min24s BRST> <Emergency> <Management> <BEA-141151> <The admin s
erver could not be reached at http://SISTEMA026:7001.>
<19/11/2012 18h41min24s BRST> <Critical> <WebLogicServer> <BEA-000362> <Server f
ailed. Reason:
There are 1 nested errors:
weblogic.management.ManagementException: The server name osr_server1 is unknown
to the administration server. Check if restart is required.
at weblogic.management.provider.internal.RuntimeAccessImpl.initialize(Ru
ntimeAccessImpl.java:447)
at weblogic.management.provider.internal.RuntimeAccessService.start(Runt
imeAccessService.java:49)
at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesMan
ager.java:461)
at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServ
icesManager.java:166)
at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:881)
at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:568)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:469)
at weblogic.Server.main(Server.java:71)
>
<19/11/2012 18h41min24s BRST> <Notice> <WebLogicServer> <BEA-000365> <Server sta
te changed to FAILED>
<19/11/2012 18h41min24s BRST> <Error> <WebLogicServer> <BEA-000383> <A critical
service failed. The server will shut itself down>
<19/11/2012 18h41min24s BRST> <Notice> <WebLogicServer> <BEA-000365> <Server sta
te changed to FORCE_SHUTTING_DOWN>

Yes, there are the tags you have suggested. The complete config.xml is below.
I tried:
C:\Oracle\Middleware\user_projects\domains\base_domain\bin>startManagedWebLogic.
cmd osr_server1
When asked the user, I tried the node-manager-username weblogic_osr2 and the admin user but I always received the error: The server name osr_server1 is unknown to the administration server.
<?xml version="1.0" encoding="UTF-8" ?>
- <domain xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd" xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<name>base_domain</name>
<domain-version>10.3.6.0</domain-version>
- <security-configuration>
<name>base_domain</name>
- <realm xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator">
<sec:authentication-provider xsi:type="wls:default-authenticatorType" />
- <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xsi:type="wls:default-role-mapperType" />
<sec:authorizer xsi:type="wls:default-authorizerType" />
<sec:adjudicator xsi:type="wls:default-adjudicatorType" />
<sec:credential-mapper xsi:type="wls:default-credential-mapperType" />
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType" />
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
- <sec:password-validator xsi:type="pas:system-password-validatorType">
<sec:name>systemPasswordValidator</sec:name>
<pas:min-password-length>8</pas:min-password-length>
<pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
</sec:password-validator>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{AES}LArhcMlb7Jdt2zQbNnzLdi3luhgdNyPJS1JIVb9H+VWi5XcC9SP4SQa/8mp/SKI072DoA/sGnzvYDqpn3OxQl3pE0LxaXoOmYNnWsSv/keo8I0rMvrXWJXqn4fbSl9bd</credential-encrypted>
*<node-manager-username>weblogic_osr2</node-manager-username>*
<node-manager-password-encrypted>{AES}1SioVLWu3mu/u6y/You1ZGeBTXJHfUCq+loZSCVOdSE=</node-manager-password-encrypted>
</security-configuration>
- <server>
<name>AdminServer</name>
<listen-address />
</server>
- <server>
*<name>osr_server1</name>*
<listen-port>7101</listen-port>
<listen-address>sistema026.br-lihi.libertyinternational.com</listen-address>
</server>
- <embedded-ldap>
<name>base_domain</name>
<credential-encrypted>{AES}C+0tyHN5wihXjDHQKdQt/5PvYpko8rS0PL6wSSvp3sHLZscRB1RjSNL8MXfHHjwW</credential-encrypted>
</embedded-ldap>
<configuration-version>10.3.6.0</configuration-version>
- <app-deployment>
<name>registry</name>
<target>osr_server1</target>
<module-type>war</module-type>
<source-path>C:\Oracle\Middleware\registry111/conf/porting/weblogic/build/registry.war</source-path>
<deployment-order>195</deployment-order>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<admin-server-name>AdminServer</admin-server-name>
- <jdbc-system-resource>
<name>jdbc/registryDS</name>
<target>osr_server1</target>
<descriptor-file-name>jdbc/registry-20121119171422-jdbc.xml</descriptor-file-name>
</jdbc-system-resource>
</domain>

Built in domain administrator... locked out?

PART-1
Today our built in domain administrator got locked out. From what I've read this is not possible. We were alerted on it and when I opened the object it said it was locked out. (I'll admit, I didn't try logging in with it). I double checked and the objects
SID does indeed end in -500 which is indicative of it being the built in account.
I ran this query:
$BA=(get-addomain).domainsid
$BA.tostring() + "-500"
and the only result I got back was the SID that matched the user in question.
What's going on? Was it truly locked out? I guess we will run a test tomorrow but I wanted to reach out to the forums too.
PART-2
Once this account was locked out we went to the source server and found that it was no longer on the domain. Instead it was in a workgroup that had a name that resembled our domain. I checked the event log and there were a ton of errors with event ID 4097
that said "The machine [machine-name] attempted to join the domain [FQ-domain-name]\[FQDN-of-PDC] but failed. The error code was 1326". These errors correspond with the time that the account was locked out. There were a ton of them...
The account that was originally used to join this machine to the domain was the built in admin above (I know, not best practice). Regardless, why would it switch from domain to a workgroup? Why would it attempt to auto re-join? And why would it use the account
originally used to join the domain?

I have found my answers...
Part 1:
The built-in administrator will get locked out and marked as locked out - however, when you go to log in with it, it will AUTOMATICALLY unlock the account. So essentially it cannot be locked out but it will give off the impression that it is.
you can however disable the account. .... supposedly if you ever have to recover your domain in restore mode it will enable the account for you... .never had an opportunity to test that and I hope I don't
Part 2:
This is a vmware related issue. The machine tried to re-run custom specs. Please see the following vmware article if you are having the same issue.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2078352
This is related to deploying machines with custom specs in 5.1 with hosts on build 1743533 (ESXi 5.1 patch 4)

Administration Server could not be reached

I have installed WebLogic 12c on a WinXP machine and configured a domain in development mode. Apart from the admin server there is only one managed server ms1.
By using the startup scripts I am successfully able to start both AdminServer and ms1 and access the console.
Then I enabled SSL ports on both AdminServer & ms1, enabled the domain Administration port, and overrode Local Administration Port for ms1.
The different port values are:
Administration Port = 9002
AdminServer (Listen Port = 7001, SSL Listen Port = 7002, Local Administration Port Override = 9002)
ms1 (Listen Port = 7011, SSL Listen Port = 7012, Local Administration Port Override = 9012)
Then I am able to start AdminServer from startWebLogic and it duly shows:
<Notice> <Server> <BEA-002613> <Channel "DefaultAdministration" is now listening on 127.0.0.1:9002 for protocols admin, ldaps, https.>
Also able to access the console at this point.
However then when I try to start ms1 using startManagedWebLogic.cmd ms1 https://127.0.0.1:9002 it is not able to connect to the admin server:
<Emergency> <Management> <BEA-141151> <The Administration Server could not be reached at https://127.0.0.1:9002.>
<Info> <Configuration Management> <BEA-150018> <This server is being started in Managed Server independence mode in the absence of the Administration Server.>
As mentioned before I am able to access the console from https://localhost:9002/console and netstat output shows:
TCP 127.0.0.1:9002 0.0.0.0:0 LISTENING
TCP 127.0.0.1:9002 127.0.0.1:3040 ESTABLISHED
TCP 127.0.0.1:9002 127.0.0.1:3042 ESTABLISHED
What could be the reason that while starting up ms1 is not able to connect to AdminServer on 9002? But all is fine when the administration port is not enabled.
Any help on this is much appreciated. Thanks!

Hello,
The problem still persists. I even tried changing a few of the port values and also the administration protocol to https from t3s but they didn't help.
This is how the config.xml looks now:
<server>
<name>AdminServer</name>
<ssl>
<enabled>true</enabled>
<hostname-verifier xsi:nil="true"></hostname-verifier>
<hostname-verification-ignored>true</hostname-verification-ignored>
<client-certificate-enforced>false</client-certificate-enforced>
<listen-port>7004</listen-port>
<two-way-ssl-enabled>false</two-way-ssl-enabled>
</ssl>
<listen-port>7003</listen-port>
<listen-address>127.0.0.1</listen-address>
<administration-port>9003</administration-port>
</server>
<server>
<name>ms1</name>
<ssl>
<enabled>true</enabled>
<hostname-verifier xsi:nil="true"></hostname-verifier>
<hostname-verification-ignored>true</hostname-verification-ignored>
<client-certificate-enforced>false</client-certificate-enforced>
<listen-port>7012</listen-port>
<two-way-ssl-enabled>false</two-way-ssl-enabled>
</ssl>
<machine xsi:nil="true"></machine>
<listen-port>7011</listen-port>
<cluster xsi:nil="true"></cluster>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address>127.0.0.1</listen-address>
<administration-port>9012</administration-port>
</server>
<administration-port-enabled>true</administration-port-enabled>
<administration-port>9003</administration-port>
<configuration-version>12.1.1.0</configuration-version>
<admin-server-name>AdminServer</admin-server-name>
<administration-protocol>https</administration-protocol>

Use case of FQDN parameter in CPPM -- Administration -- Server Configuration

Q: What is the difference between 'FQDN' & 'Hostname' parameter available in the ClearPass Server configuration?
A: The FQDN parameter is primarily used for SSO functionality with any external IDP servers. We can configure the VIP hostname of a ClearPass cluster to be the FQDN.
'Hostname' parameter in the Administration --> Server Configuration, does not need to be an FQDN. We can specify any user defined names. If we need to join the ClearPass cluster members to the same Active directory domain, then hostname should be different. Otherwise, it will create duplicate computer/machine accounts for ClearPass Server in the Domain Controller and may lead to PEAP-EAP-MSCHAPv2 authentication issues/failures for the clients against Active Directory.

You could use regular expressions to try to strip the "+" from your form variables but wouldn't it be easier to just have the select field display +5 and then just pass "5" and not use the plus character in your database or in your passed variables? Special characters in your passed variables is always a potential headache.
Lawrence *Adobe Community Expert*
www.Cartweaver.com
Complete Shopping Cart Application for
Dreamweaver, available in ASP, PHP and CF
www.twitter.com/LawrenceCramer

Domain Administration Server HA

Similar Messages

Maybe you are looking for