Tuxedo domain sizing question

Background:
This is a Peoplesoft app (PT 8.5, Tux 10gR3, Weblogic 11g)
We are moving from 4 app server virtual machines which each hosted a tuxedo domain (4 vcpu each, actually getting slices from 8 physical cpu each) to one physical server with 12 cores (2 6 core procs). We only need this horsepower for 7 30 minute events per year (course registration). Otherwise a single domain is fine.
We ran a test last event that showed a physical machine significantly outperformed the virtual when given similar resources, So we have decided to employ a large physical server.
We intended to configure 3 Tuxedo Domains, mostl;y as it helps us compare to where we came from (Webserver VM will still host one domain) so we are effectively throwing 4 cpu at each domain. This comes from an understanding that we shouldn't have too many appsrv processes in one domain. We currently run a a pre-spun 25 appsrv procs each domain, and we get ok performance. From the looks of our physical server test, our performance will improve.
During the peak of the registration event, we have around 500 sessions, we limited to 225 active http sessions on the webserver, which acts as the valve to the event. Note: all previous events were on PT8.48, OAS 10g.
So , on to my question.
Is there a way to make a single larger domain, with say 50 or more appsrv processes (mostly to avoid the config maint) or does anyone have any recommendations here?
Any and all input appreciated.

Hi,
Take these comments with a large grain of salt as they are generalizations and not necessarily applicable to PeopleSoft. I'd really suggest asking this question in their forums as there may be PeopleSoft specific configuration constraints that I'm about to violate.
In any case a Tuxedo domain can range from a single machine with a single 1 core processor, to many machines each with many cores. Once you move beyond a single machine, regardless of the number of cores, you are in a clustered environment, or what Tuxedo refers to an MP domain.
Regards,
Todd Little
Oracle Tuxedo Chief Architect

Similar Messages

Remote tuxedo domain rejects connection from client only Tuxedo JCA Adapter

I am trying to use a client only configured Oracle Tuxedo JCA Adapter 11.1.1.2.1 to connect to a remote tuxedo 10.3 domain. The connector is deployed to a JDeveloper 10.1.3.4 embedded OC4J container. The connector is failing silently when attempting to establish a connection with the remote domain. Locally, the JCA Adapter ntrace logs the following:
1/20/11:9:41:49 PM:10:TRACE[DMLocalAccessPoint,DMLocalAccessPoint]> (ypjspNQ5QIPKmOyk1DlAgw==)
1/20/11:9:41:49 PM:10:DBG[DMLocalAccessPoint,DMLocalAccessPoint]_useSSL = false
1/20/11:9:41:49 PM:10:TRACE[DMLocalAccessPoint,DMLocalAccessPoint]< return(10)
1/20/11:9:41:49 PM:10:INFO[TuxedoAdapterSupervisor,createLocalAccessPoint]TJA_0233:Info: Default local access point for factory null created, access point id ypjspNQ5QIPKmOyk1DlAgw==.
1/20/11:9:41:49 PM:10:DBG[TuxedoAdapterSupervisor,createLocalAccessPoint]features = 159
1/20/11:9:41:49 PM:10:TRACE[TuxedoAdapterSupervisor,startListeners]> ()
1/20/11:9:41:49 PM:10:TRACE[TuxedoAdapterSupervisor,startListeners]< (20) return
1/20/11:9:41:49 PM:10:TRACE[DMSession,DMSession]> (__sess_0_0)
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_lap_name:ypjspNQ5QIPKmOyk1DlAgw==
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_rap_name:e1tst_tdtux02
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_pro_name:__default_session_profile__
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _lap: com.oracle.tuxedo.adapter.config.DMLocalAccessPoint@1f6bc1a
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _rap: com.oracle.tuxedo.adapter.config.DMRemoteAccessPoint@1b75e54
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _pro: com.oracle.tuxedo.adapter.config.DMSessionProfile@191f64b
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]sec = NONE
1/20/11:9:41:49 PM:10:TRACE[DMSession,DMSession]< return(60)
1/20/11:9:41:49 PM:10:INFO[TuxedoAdapterSupervisor,createDefaultSession]TJA_0193:INFO: Default session created between LocalAccessPoint ypjspNQ5QIPKmOyk1DlAgw== and RemoteAccessPoint e1tst_tdtux02.
1/20/11:9:41:49 PM:10:TRACE[DMSession,DMSession]> (__sess_0_1)
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_lap_name:ypjspNQ5QIPKmOyk1DlAgw==
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_rap_name:e1tst_tdtux01
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_pro_name:__default_session_profile__
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _lap: com.oracle.tuxedo.adapter.config.DMLocalAccessPoint@1f6bc1a
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _rap: com.oracle.tuxedo.adapter.config.DMRemoteAccessPoint@1c0f654
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _pro: com.oracle.tuxedo.adapter.config.DMSessionProfile@191f64b
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]sec = NONE
1/20/11:9:41:49 PM:10:TRACE[DMSession,DMSession]< return(60)
1/20/11:9:41:49 PM:10:INFO[TuxedoAdapterSupervisor,createDefaultSession]TJA_0193:INFO: Default session created between LocalAccessPoint ypjspNQ5QIPKmOyk1DlAgw== and RemoteAccessPoint e1tst_tdtux01.
1/20/11:9:41:49 PM:10:TRACE[TuxedoAdapterSupervisor,registerClientSideResourceAdapter]create default import
1/20/11:9:41:49 PM:10:TRACE[ServiceManager,registerImportedService]> (*)
1/20/11:9:41:49 PM:10:INFO[,]factory = null
1/20/11:9:41:49 PM:10:INFO[,]name = *
1/20/11:9:41:49 PM:10:INFO[,]iname = *
1/20/11:9:41:49 PM:10:TRACE[ServiceManager,registerImportedService]register Default Import
1/20/11:9:41:49 PM:10:TRACE[Route,Route]> (*)
I can't determine if there are any problems from these log entries, but the remote tuxedo domain logs the following in the ULOG:
155138.tdtux01!GWTDOMAIN.3495.4.0: LIBGWT_CAT:1073: ERROR: Unable to obtain remote domain id (ypjspNQ5QIPKmOyk1DlAgw==) information from shared memory
155138.tdtux01!GWTDOMAIN.3495.4.0: LIBGWT_CAT:1509: ERROR: Error occurred during security negotiation - closing connection
My understanding is that the client only configuration should connect to a remote tuxedo domain as an anonymous client instead of a peer tuxedo domain, but the remote tuxedo gateway domain listener is acting like the client has to be configured in its dmconfig file before it will allow the connection request. Is there a different kind of listener the client only configuration should connect to instead of the tuxedo gateway domain listener? How can a remote tuxedo domain accept a connection from an anonymous client if the client must first be specified in the remote domain's dmconfig file? Is this a tuxedo 11g only feature? I'm trying to connect to a tuxedo 10.3 server.
The local ra.xml is reproduced here:
<?xml version="1.0" encoding="UTF-8"?>
<connector xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/connector_1_5.xsd"
version="1.5">
<display-name>Tuxedo JCA Adapter</display-name>
<vendor-name>Oracle</vendor-name>
<eis-type>Tuxedo</eis-type>
<resourceadapter-version>11gR1(11.1.1.2.1)</resourceadapter-version>
<license>
<description>Tuxedo SALT license</description>
<license-required>false</license-required>
</license>
<resourceadapter>
<resourceadapter-class>com.oracle.tuxedo.adapter.TuxedoClientSideResourceAdapter</resourceadapter-class>
<config-property>
<config-property-name>debugConfig</config-property-name>
<config-property-type>java.lang.String</config-property-type>
<config-property-value>true</config-property-value>
</config-property>
<config-property>
<config-property-name>traceLevel</config-property-name>
<config-property-type>java.lang.String</config-property-type>
<config-property-value>100000</config-property-value>
</config-property>
<config-property>
<config-property-name>xaAffinity</config-property-name>
<config-property-type>java.lang.String</config-property-type>
<config-property-value>true</config-property-value>
</config-property>
<config-property>
<config-property-name>remoteAccessPointSpec</config-property-name>
<config-property-type>java.lang.String</config-property-type>
<config-property-value>//tdtux01:9601/domainId=e1tst_tdtux01,//tdtux02:9601/domainId=e1tst_tdtux02</config-property-value>
</config-property>
<outbound-resourceadapter>
<connection-definition>
<managedconnectionfactory-class>com.oracle.tuxedo.adapter.spi.TuxedoManagedConnectionFactory</managedconnectionfactory-class>
<connectionfactory-interface>javax.resource.cci.ConnectionFactory</connectionfactory-interface>
<connectionfactory-impl-class>com.oracle.tuxedo.adapter.cci.TuxedoConnectionFactory</connectionfactory-impl-class>
<connection-interface>javax.resource.cci.Connection</connection-interface>
<connection-impl-class>com.oracle.tuxedo.adapter.cci.TuxedoJCAConnection</connection-impl-class>
</connection-definition>
<transaction-support>NoTransaction</transaction-support>
<authentication-mechanism>
<authentication-mechanism-type>BasicPassword</authentication-mechanism-type>
<credential-interface>javax.resource.spi.security.PasswordCredential</credential-interface>
</authentication-mechanism>
<reauthentication-support>false</reauthentication-support>
</outbound-resourceadapter>
</resourceadapter>
</connector>
Thanks for any help.
Steve

Looks like this is an RTFM question. From:
[http://download.oracle.com/docs/cd/E18050_01/jca/docs11gr1/users/jca_usersguide.html]
Is the following:
Dynamic RemoteAccessPoint (RAP) Insertion
In order to make default LocalAccessPoint to work, Oracle Tuxedo GWTDOMAIN gateway configuration is required in order to make this simplified /Domain configuration to work.
GWTDOMAIN gateway must be modified to allow Dynamic RemoteAccessPoint (RAP) Registration. If DYNAMIC_RAP is set to YES, it will also update the in-memory database of the status of the connection from those dynamically registered RAP. If the connection from those dynamically registered RAP lost then the information about that RAP will be removed from the SHM database.
GWADM must be modified to process the DM MIB correctly to reflect the connection status of those dynamically registered RAP. When the connection from those dynamically registered RAP lost their entries in the SHM database will also be removed so that the DM MIB query can return the connection status correctly.
The dynamically registered RAP will be added to /DOMAIN configuration permanently. Their existence will only be known when the Session is established. Their existence will be lost when the connection is lost.
The DM_CONNECTION Oracle Tuxedo /Domain DMIB call returns all the connected dynamically registered RemoteAccessPoint. All other dynamically registered RemoteAccessPoint that are not connected will not be shown.
The OPENCONNECTION DMIB request will not be supported to connect to those dynamically registered RAP.
The CLOSECONNECTION Oracle Tuxedo /DMIB request closes the connection and remove the session from those dynamically registered RemoteAccessPoint, and returns its connection status as 'UNKNOWN.
The PERSISTENT_DISCONNECT type of CONNECTION_POLICY will be honored that means when PERSISTENT_DISCONNECT is in effect all connections request from any RAP, whether they are dynamically or non-dynamically registered, will be rejected.
I must have overlooked this section when reading it. Looks like I've got more configuration to do.
Thanks,
Steve

What the best way to call twenty tuxedo domains from one weblogic server use WTC

I need to call twenty tuxedo domains from one weblogic server use
WTC. the Service be called in the twenty tuxdo domains are same, do I need to
write twenty EJB in the weblogic server to call the same service? who have good
adea to deal with this problem?

Hi,
I have a question on the second case. When the client doesn't care of which
Tuxedo domain it is hitting. What happens if one of the Tux domain is down ? What
happens to the client request to that domain ?
Another question is lets say i have a Tuxedo configuration as MP mode( Multi
machine mode) how does WTC load balance between the Tuxedo domains.
Thanks,
Srinivas
"A. Honghsi Lo" <[email protected]> wrote:
Hi xcjing,
One way to handle your needs is to use local service name to remote
reservice name translation. For instance,
(in 6.1,6.0 WLS)
<T_DM_IMPORT ResourceName="TOUPPER1" LocalAccessPoint="WTC"
RemoteAccessPointList="TUX-DOM1">
     <RemoteName>TOUPPER</RemoteName>
</T_DM_IMPORT>
<T_DM_IMPORT ResourceName="TOUPPER2" LocalAccessPoint="WTC"
RemoteAccessPointList="TUX-DOM2">
     <RemoteName>TOUPPER</RemoteName>
</T_DM_IMPORT>
<T_DM_IMPORT ResourceName="TOUPPER3" LocalAccessPoint="WTC"
RemoteAccessPointList="TUX-DOM3">
     <RemoteName>TOUPPER</RemoteName>
</T_DM_IMPORT>
etc
With this configuration if your client have to call "TOUPPER" service
in
TUX-DOM1 then you code your client to call "TOUPPER1" and the request
will be routed to TUX-DOM1. The same way for request has to go to
TUX-DOM3, your client calls "TOUPPER3" service and WTC will route it
to
TUX-DOM3. In this remote name translation you may have to write 20 EJB
although they are almost the same. However, if your EJB can analyze
your client input to decide which Remote Tuxedo Domain to send the
service request to then you probably only need one EJB.
In the case that your client does not care which remote Tuxedo Domain
provides the service then adding
<T_DM_IMPORT ResourceName="TOLOWER" LocalAccessPoint="WTC"
RemoteAccessPointList="TUX-DOM1">
     <RemoteName>TOLOWER</RemoteName>
</T_DM_IMPORT>
<T_DM_IMPORT ResourceName="TOLOWER" LocalAccessPoint="WTC"
RemoteAccessPointList="TUX-DOM2">
     <RemoteName>TOLOWER</RemoteName>
</T_DM_IMPORT>
<T_DM_IMPORT ResourceName="TOLOWER" LocalAccessPoint="WTC"
RemoteAccessPointList="TUX-DOM3">
     <RemoteName>TOLOWEr</RemoteName>
</T_DM_IMPORT>
etc
Will load balance your client "TOLOWER" service request among your 20
remote Tuxedo Domain.
However, there is a bug in WTC that causes the Remote Service Name
translation functionality not working properly. It is fixed in the
upcoming release of WLS.
Honghsi :-)
xcjing wrote:
Thank you very much! But I still have question, give an example,
twenty Tuxedo domain is named domain1,domain2,....domain20. The
same Tuxedo Service: TOUPPER is deploy on those twenty Tuxedo domains,some time
I need call the TOUPPER Service on domain1,saome time I need call theTOUPPER
Service on domain3 or
other domain depend on the input from client. you mean I need to importThe TOUPPER
Service from twenty Tuxedo domains in the console,then write one EJBto call the
TOUPPER Service,but how can the EJB know which Tuxedo domain's TOUPPERto call
from?
Thank you!
"A. Honghsi Lo" <[email protected]> wrote:
hi xcjing,
You don't have to write 20 beans or deploy 20 beans because there
are
20
remote Tuxedo TDomain you need get the service from. Of course, WLSand
WTC does not prohibit you from doing it though. Whether you need20
beans or not depend more on you architecture.
To access 20 remote Tuxedo Domain from one single WLS with singleWTC
you can configure 20 remote Tuxedo Domain in the BDMCONFIG (6.1,6.0)
or
from the console (7.0). You import 20 services one from each remote
Tuxedo domain. You write one bean, and deploy one bean. Your WLS
clients will be able to access THE ejb, the EJB will access the WTC
service, and WTC will load balanced the service requests among the20
remote Tuxedo Domain.
Regards,
honghsi :-)
xcjing wrote:
I need to call twenty tuxedo domains from one weblogic server use
WTC. the Service be called in the twenty tuxdo domains are same,
do
I need to
write twenty EJB in the weblogic server to call the same service?
who
have good
adea to deal with this problem?

WLS modifies Tuxedo domains configuration

Hi,
We are configuring WTC to connect WLS 6.1 to Tuxedo8. We alredy have a Tuxedo
application than uses Tuxedo domains, so we have an Tuxedo domains configuraton
(bdmconfig) before connecting to WLS. To connect, we configure the bdconfig.xml
file (see below). We create the StartUp and Shutdown classes and run the simpapp
aplication (using the Toupper EJB). When we startup the application again (and
start the connection) whe realize that it modifies our own Tuxedo domains configuration
dinamically.
Why is this happening? Is there some way to avoid this?
Any idea will be appreciate.
Thanks in advance.
Yol.

"Yolanda Arroyo" <[email protected]> wrote:
>
Hi,
We are configuring WTC to connect WLS 6.1 to Tuxedo8. We alredy have
a Tuxedo
application than uses Tuxedo domains, so we have an Tuxedo domains configuraton
(bdmconfig) before connecting to WLS. To connect, we configure the bdconfig.xml
file (see below). We create the StartUp and Shutdown classes and run
the simpapp
aplication (using the Toupper EJB). When we startup the application again
(and
start the connection) whe realize that it modifies our own Tuxedo domains
configuration
dinamically.
Why is this happening? Is there some way to avoid this?
Any idea will be appreciate.
Thanks in advance.
Yol.
<?xml version="1.0"?>
<!DOCTYPE WTC_CONFIG SYSTEM "http://www.bea.com/servers/wls610/dtd/wtc_config.dtd">

<WTC_CONFIG>
<BDMCONFIG>
     <T_DM_LOCAL_TDOMAIN AccessPoint="WTCSIFO01">
          <AccessPointId>WTCSIFO01</AccessPointId>
          <Type>TDOMAIN</Type>
          <Security>NONE</Security>
          <ConnectionPolicy>ON_DEMAND</ConnectionPolicy>
          <BlockTime>30</BlockTime>
          <NWAddr>//172.16.160.173:6511</NWAddr>
     </T_DM_LOCAL_TDOMAIN>
     <T_DM_REMOTE_TDOMAIN AccessPoint="SIFOWTC01">
          <LocalAccessPoint>WTCSIFO01</LocalAccessPoint>
          <AccessPointId>SIFOWTC01</AccessPointId>
          <Type>TDOMAIN</Type>
          <NWAddr>//172.16.160.173:6510</NWAddr>
     </T_DM_REMOTE_TDOMAIN>
     <T_DM_IMPORT
          ResourceName="TOUPPER"
          LocalAccessPoint="WTCSIFO01"
          RemoteAccessPointList="SIFOWTC01">
          <TranTime>600</TranTime>
     </T_DM_IMPORT>
</BDMCONFIG>
</WTC_CONFIG>

Tuxedo domain

Hi all,
I need help with a environment varible who I do not remember the name of,
It preserve the timeout (TPETIME) between Tuxedo domains.
Anyone know?
Reagrds
Mats

Mats,
You might be thinking of the TM_DOMAIN_KEEPTRANTIME environment variable. If this is set to y or to yes then GWTDOMAIN will use the transaction timeout for transactional request timeout instead of using the blocking timeout as it otherwise would.
Regards,
Ed

Tuxedo domain issue

There is a very strange case here in my application. The GWTDOMAIN always terminated
abnormally and restarted again. I checked the core dump file it generated and
it showed me that it happened in '_tmrunserver()'. I do not know why.

Folks,
Hello. I am confusing !
There are 3 options ( sysdba, sysoper and sysasm ) for the command SQLPLUS.
Let me explain the commands one by one as below:
First, the command $./sqlplus AccessId/myPwd cannot connect with SQL> and then we cannot start up Database Instance HRCS90 !
Second, I run sysdba option in the following order:
$./sqlplus AccessId/myPwd as sysdba
SQL>startup
SQL>@/opt/PT8.53/scripts/rel853.sql
SQL> select OPERPSDWSALT from AccessId.PSOPRDEFN;
Its output: OPERPSWDSALT: invalid identifier. I have checked the field is not created into table PSOPRDEFN.
Third, I run sysoper option in the following order:
SQL>shutdown immediate;
SQL>exit
$./sqlplus AccessId/myPwd as sysoper
SQL>startup
SQL>@/opt/PT8.53/scripts/rel853.sql
When run rel853.sql, I saw many insufficient priviledges regarding Create Tables.
SQL> select OPERPSWDSALT from AccessId.PSOPRDEFN;
Its output: OPERPSWDSALT : invalid identifier. This error is the same with option sysdba.
Fourth, I run sysasm option as below:
SQL>shutdown immediate;
SQL>exit
$./sqlplus AccessId/myPwd as sysasm
It returns: Logon denied.
As we see above, I have tried 3 options(sysdba, sysoper, sysasm) to run the command sqlplus AccessId/myPwd but the result of script rel853.sql is not right.
My question is:
Can any folk tell me the correct order and commands to run the script rel853.sql ?
Thanks.
Folks,
Hello. All of the above 3 options are wrong. I have done below:
$./sqlplus / as sysdba
SQL>show user;
USER is "SYS"
SQL>startup
SQL>connect AccessId/myPwd
SQL>show USER;
USER is "AccessId"
SQL>@/opt/PT8.53/scripts/rel853.sql
Script completed.
Application Designer login into Database HRCS90 successfully now.
Tuxedo Application Server boot domain HRCS90 with 8 processes started.
The issue is solved. Thank you all very much.

ORACLE TUXEDO compatibility/coexistance question

Our existing PeopleSoft environment in
UNIX AIX 6.1
PS HRMS Tools 8.5 Application 9.1
PS Finance Tools 8.51 Application 9.1
We are preparing to upgrade only HRMS,
PS HRMS Tools 8.5 Application 9.1to PS
HCM Tools 8.54 Application 9.2
Question –
1. Will new ORACLE TUXEDO 12cR1 (12.1.1.0) work with PS Finance Tools 8.51
2. Can Oracle Tuxedo, Version (10.3.0.0, 64-bit, Patch Level 081- for PS Fin) coexist with ORACLE TUXEDO 12cR1 (12.1.1.0,64 bits)?

Hi,
For the PeopleSoft and Tuxedo 12cR1 question you will need to check with the PeopleSoft team as I don't know their version dependencies.
When you ask can Tuxedo 10 and 12 coexist, the answer is yes, although I'm not exactly what you mean by co-exist. They can be in the same MP domain, or in separate domains connected via the domain gateway. If they are in the same domain, then the MASTER machine needs to be the one running the later version of Tuxedo.
Regards,
Todd Little
Oracle Tuxedo Chief Architect

Iweb/Domain name question

Hi,
I am making my first Iweb site. I want to host the site through IWeb, but want to be sure I can use the simple domain name I own as the address, rather than a long www.mobileme.myname.domainname.com address. I see instructions involing setting up an alias on with the domain name provider, but wanted to ask around first.
Also, do you know if I can host more than one website through Iweb.
thanks for any and all help!
I have sent these questions to Apple support, but no response yet. I gather the new Iphone is taking up a lot of their tech support time.
Kim

the url instantly changes and is long.
This is the way CNAME pointing works with .Mac. If you like you can make things shorter by shortening the names you give your site and pages.
Your "url", namely what people need to type to get to your site, is of course just the short version. What appears in the browser address bar is really irrelevant, but if it matters a lot to you, then you can undo everything you did for CNAME and switch to ordinary url forwarding/masking. With that, for every page on your site only www.myname.com will appear in the browser address bar for every page.

Active Directory Cached Domain Login question

Hi all,
I would like to seek assistance on the following scenario setup where I have 2 independent AD forest setup
Production Forest #1 - Contoso
Test Lab Forest #2 - Contoso
Assuming both AD forests domain controllers are issued with Domain Controller Certs (to support smartcard login) from the same CA, and there exists a AD user acct - Mark in Production Forest #1 and this user is currently using a issued smartcard to perform
AD login on desktop client #1
Would it be possible to create a AD user acct - Mark in Test Lab Forest #2 and use the same issued production smartcard to perform AD login on laptop client #2 which is joined to Test Lab Forest #2? If not technically possible, why??? :(
I am trying to find a solution where I can have the laptop clients support login using the issued production smartcard. The challenge here is not all the laptop clients site have access to the production domain controllers hence am thinking of building the
Test Lab Forest #2 on another "server" laptop which provides a mobile means to allow the laptop clients to be joined to the Test Lab Forest and then supporting the issued production smartcard via domain cached login.

So far I know the only requirement is that the UPN match and that the PKI is trusted (in NTAuth) in the forest, but I'm not a PKI expert. I suggest to ask this question in the security forum as well:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserversecurity
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog

Windows Server Primary & Secondary Domain Controller Question

lulzchicken wrote:
Right now the DHCP is assigning 192.168.200.1 (DNS server) and 8.8.8.8 (Google's DNS) as DNS servers for each client. I don't necessarilly want to change these assignment settings,Yes, you do. This is absolutely the worst thing you can ever do with DNS. More details why here -> Ramblings of a Sysadmin: How to do DNS correctly
Primary and secondary DNS should ALWAYS be internal.
Your DNS Servers should use FORWARDERS go go out to google. That's the only place that should see google DNS servers in your environment.

Hi everyone, thank you for taking the time to listen.
I have successfully implemented an Active Directory setup using a Primary DC and a Secondary DC with Windows Server 2012 R2.
EL1 is my PDC and EL2 is my BDC.
Active Directory is in sync among the two Domain Controllers. Here is my question:
If I were to have a policy (Group Policy) that sets the wallpaper of each client machine to whatever is in the "\\EL1\Wallpaper\wp.jpg" - what would happen if I were to have that Domain Controller fail? That directory is no longer available due to the outage - even though the Backup Domain Controller will still be pushing out the policy (pointing to the down server).
My idea was to have that directory replicated on the Backup Domain Controller, "\\EL2\Wallpaper\wp.jpg" however - the policy will still be looking for the file in the Primary Domain...
This topic first appeared in the Spiceworks Community

Domain architecture question if using multiple FMW products

Hi,
We are in the initial phases of setting up a WLS/FMW environment to replace our iAS 10.1.2 (forms and reports) and 10.1.3 (j2ee) environments. In addition to bringing over the in-house written applications we will be using the following FMW products - OBIEE, SOA/BPEL, and eventually Forms & Reports. Our question is what would be a good way to architect this environment?
I initially installed WLS and then configured a domain. When I went to install and configure OBIEE 11.1.1.6 it would not let me extend the existing domain, so I created another domain for it. I haven't been able to find any documentation yet that indicated OBIEE must run in it's own domain, but is that what it is trying to tell us by not allowing us to extend an existing domain?
Should we create a separate domain for each of the Oracle FMW products I mentioned above? That would require 3 domains if we were to put our in-house applications in to one of 3, but is that a good or a bad idea?
I see some potential advantages to putting each in it's own domain, but one disadvantage would seem to be that we'd need 3 AdminServers which would also be using resources on the physical server. Would we need 3 node managers if we had 3 separate domains?
I'm hoping someone else out there has had to create an environment similar to ours and may be able to provide some guidance here. Any advice would be appreciated.
Thanks.

Hi
1. What you want is totally possible like have a single domain with all the stuff installed for atleast 3 products you mentioned like OBIEE, SOA/BPM, Forms/Reports etc.
2. Lets take few steps back. Domain creation comes in the end. The first thing is installing each of the above products in the same middleware home or different middleware home.
3. For any product from Oracle, Weblogic Server is the basic underlying application server. First you need to install this with the same version of soa/bpm, obiee that you plan to install on top of this. Once WLS is installed. Now install OBIEE on top of this. You can install SOA/BPM also on top of this same WLS. For OBIEE, you may need to first run RCU and have OBIEE shcemas ready. Because OBIEE simple installation will create a ready to use BI Domain also. Anyhow point is now on top of WLS you have 2 products installed like OBIEE and SOA/BPM.
4. Now comes the Domain creation. Use config wizard, and create a domain. At this point, you will see all the options (Project Facets) for both the prouducts. If you choose, all soa/bpm modules and obiee modules, you will get a Single Domain with 1 AdminServer and different managed servers for soa/bpm and obiee. I know for soa/bpm, it creates soa_server1, bam_serve1 and for obiee it may have like bi_server1. If you really plan to have all in one domain, I would prefer create clusters like soa_cluster, bam_cluster, bi_cluster, forms_cluster etc. And in these clusters have corresponding managed servers. Then you can have these serves on same physical machine or across remote different physical machine. Only thing is, on all the machines you should have exact same version of wls and all products installed in the same folder structure.
5. The advantage of having one domain is, you will have one single point of control for all admin stfuff and em stuff to control any product. Also if they interact with each other like soa calling bi reports, this may be little easy from single sign on etc and security configuration etc.
6. But if you do not have any interaction between them, you can have separate installers like WLS+soa and WLS+biee on different machines. Now a days hardware machines are very cheap with best configuration like 16GB 4 cpu workstation you can get for $2k.
I have on my side a single installation with WLS + SOA/BPM + OBIEE (all 11.5). Single RCU DB for all these schemas. Single Domain with all soa/bpm and obiee modules deployed ofcourse with different managed servers and 1 admin server. They are all running fine so far.
Thanks
Ravi Jegga

Tuxedo calling EJB question

Folks,
I have read some documentation about WTC and got in doubt.
In order to have the EJB access from Tuxedo service, I have to make it as an EJB 2.0 putting the RemoteHome and Remote as some Weblogic Tuxedo classes.
That is fine.
My question: does the method name have to be "service" always?
I saw that in the example and could not find any other example. Also, testing, it has not executed with any other name.
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/pdf/wtc_atmi.pdf&chrome=true
Could you someone give me any light? :-)
Thanks in advance.

Hi Richardinho,
Are you access Tuxedo Service through EJB? or trying to call an EJB from Tuxedo Service?
If you are accessing Tuxedo Service using an EJB, it should work with any name (EJB name and method can have any name you want).
Regards,
Ahsan

VDI 3 + Active Directory Child Domain Setup Question

Hi Everyone,
Quick question. Will this config work because I'm having some issues.
Domain A
Child Domains A.A, B.A, C.A, etc..
Kerbros is setup and pointing at domain A with admin account access.
VDI3 can see all the domains when I pull down the domain selector... however!... I can only log into the parent domain A. Attempts to log into child domains A.A, B.A, etc give me an 'Unknown user/password error'.
Will this config work? All child domains are part of the same forest which I thought was supported.
Many thanks in advanced for any replies.
Dono

Hello,
yes, forests with multiple child domains are supported and your configuration should be working.
In order to troubleshoot the problem, please follow the instructions at:
http://wikis.sun.com/display/VDI3/End-users+cannot+access+their+virtual+machines.
The cacao logs should contain more details about the error.
Thanks,
Katell

Upgrading Domain Controller Questions

Hello, we currently have 2 domain controllers in our environment, both with Server 2003 R2. We are looking to upgrade them one at a time to 2008 R2 but I have some questions.
Here's the environment:
Server 1 (the one we are going to upgrade first):
Server 2003 R2
Domain Controller
DHCP Server
DNS Server
Server 2 (we will be upgrading this in the near future but not just yet):
Server 2003 R2
Domain Controller
DHCP Server
DNS Server
File Server with most of the company data
We also have DNS replication set up between the two servers.
My questions:
Will we run into any issues having two domain controllers with different Operating Systems?
We would like for the domain controllers to keep the same names and IP's. Any issues with that?
How will we stop, then re-setup DNS replication between the two servers?
Any other 'gotcha's' we should be aware of?
Dan Chandler-Klein

I don't see any reason why not keeping old name and IP.
Before upgrading make sure AD has no issues:
look at the event viewer, run DCDiag, replication runs clean (repadmin /showrepl) etc.
OS has no warning/errors.
Not must but I would move the FSMO roles to another DC before demote.
Make sure applications installed on the new DC's (AV\Backup agents etc.) support Windows 2008 R2 OS.
Make sure all your network applications in your environment support working with Windows 2008 R2 DC - I recommend test it in lab first.
Make sure that the DC you are about to demote not holding CA role.
Most important:
Make sure you successfully demote the old DC and no records left in DNS.
I'm not agree with evrimicelli about DC's naming and I wouldn't go for CNAME record - this can get you in many troubles in the future.
after demote the old DC, I would rename it or remove it from the domain, than you can rename the new server with old Dc name and promote it to DC with old DCs' IP address.
I didn't understand the question about DNS replication.
What kind of DNS zone do host? if its AD integrated (and thats what you should have), you don't need to configure any replication, AD integrated DNS zone replicate as part of AD replication between your two DC's.
Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

OAM domain configuration: question

When installing OAM, and during domain configuration for OAM specific, in the following
screen where you select Admin Server, Managed Server, Cluster, Deployment Services etc
there are two more options
JMS File Store and JMS Distributed Destination which do not show up- these only show
up for domain configuration for OIM.
Question: Why JMS options do not show up during OAM domain config? But show up
during OIM domain config.

Unfortunately this is currently not a supported configuration. A domain must contain a single ALSB cluster. This is something we are looking to improve in the future.
Gregory

Tuxedo domain sizing question

Similar Messages

Maybe you are looking for