Troubleshooting Login Problems IAS Checks

You can check your version by doing:

$IAS_ORACLE_HOME/Apache/Apache/bin/httpd –version

1. Validate TNS Connectivity

a. Make sure you can TNSPING and sqlplus the database alias used from the APPL_TOP (i.e. After running APPSORA.env). Do:

tnsping [sid]
sqlplus appsun/appspw
sqlplus appsun/appspw@[sid]

Also, validate that APPLSYSPUB/PUB can connect


b. Change to the $IAS_ORACLE_HOME, run the [sid]_[host].env file.

This will set the $ORACLE_HOME to be iAS.
Now check that you can TNSPING and sqlplus the database alias.

2. Determine the DBC file in use and make sure it is valid:

a. (11.5.9+) Run the profile option query provided in Appendix A when prompted for profile_option_name enter: APPS_DATABASE_ID.
If this returns a value, then this is the DBC file name that Apps is expecting to use.
Otherwise do:

select host_name'_'instance_name from v$instance;

b. Validate the OS location & permissions of the dbc file. Do:

ls –al $FND_SECURE/*.dbc (11.5.10+).

If $FND_SECURE is not set, then the dbc filebr> This should return the value from step 1ad.
The permissions on the file should be 644 and it should be owned my the “applmgr” user.


c. Verify the contents of the dbc file with the AdminAppServer utility. Do:

java oracle.apps.fnd.security.AdminAppServer appsun/appspw STATUS DBC=[path to dbc $FND_SECURE]/[dbc_name].dbc

This should return STATUS: VALID and the current status of AUTHENTICATION: [SECURE/ON/OFF/null] among other values.


d. Validate the autoconfig context file (11.5.8+) uses the correct dbc file.

Your context file is located in $APPL_TOP/admin and is typically named [SID]_[host].xml. Review the value for s_dbc_file_name, it should match the dbc just tested in 1c.

If any of this errors you should run autoconfig and/or $COMMON_TOP/admin/install/adgendbc.sh appsus appspw and retest (this will require iAS restart)


3. Is the web server running and able to render static html?

a. Are you able to access the page:

http:// :/aplogon.html

b. If not, then do:

ps –fu [applmgr] grep http
(or ps –fu [applmgr] grep http wc –l )

This should return at least 5 http processes running … otherwise you webserver may not be started…Make sure you are using the Oracle provided start script in:

$COMMON_TOP/admin/scripts/[SID]_[host]

If these tests fail you need to review your iAS installation and/or log a TAR.

4. (11.5.2-11.5.9) Check that the CGI environment and mod_plsql is functioning

a. Run the following URL:
http://:/pls//FND_WEB.PING

If you are unable to run the procedure below because of an 'internal error' or a 'cannot find host' or a similar error, then it could indicate that there is a problem with the PLSQL Configuration. Failures here may indicate problems with mod_plsql…Follow Note 116715.1 - How to Enable Logging for the PL/SQL Gateway. Redo the test and log a tar with the logs attached.

Or this may be a result of a RDBMS issue (For example - invalid packages, rdbms crashed)…See RDBMS section below.

b. Validate the APPS password used by the plsql gateway.

The password may be stored as clear text as a parameter (password= APPSpw) in
$IAS_ORACLE_HOME/Apache/modplsql/cfg/wdbsvr.app
If the password is encrypted in the file, update the parameter:

administrators = system
to be
administrators = all
Then navigate to:
http://:/pls//admin_/

Select the Gateway Database Access Descriptor Settings link
Select the Edit icon next to the Database Access Descriptor Name which matches your SID
Make sure the Oracle User Name = APPS
Enter the Apps user password in the Oracle Password field.
Make sure the Oracle Connect String is the SID for the instance.
If you made any changes here you will have to review your autoconfig context file to make sure the changes are permanent.

(11.5.10) After validating the above items, you may still get 'Forbidden - You don't have permission to access /pls//fnd_web.ping' on this server.” This may be by design for enhanced security. Please skip to the next test.

5. Ensure that JDK is installed correctly & is a certified version.

a. Get the value of wrapper.bin in:

$iAS_ORACLE_HOME/Apache/Jserv/etc
This will either point directly to the java executable in use or to $iAS_ORACLE_HOME/Apache/Apache/bin/java.sh.
If this points to the java.sh go to step 5b…otherwise skip to step 5c.

b.Open the java.sh File under $iAS_ORACLE_HOME/Apache/Apache/bin. In this file and you will find path to java executable in variable "JSERVJAVA"


c. Use the absolute path to the java executable and do:
/absolute/path/to/java –version

e. Check that the version returned is certified by using the certify website on Metalink.
Assuming this returns a supported version of JDK. Use the following notes to validate your JDK installation (i.e. that all required patches, autoconfig templates, etc have been completed):
Note 304099.1 => if using J2SE Version 5.0

Or

Note 246105.1 => if using J2SE 1.4

OR

Note 130091.1 => if using JDK 1.3

6. Use the following programs to verify the installation and check that the servlets are functioning.

a. http(s)://:/servlets/IsItWorking
(11.5.10) This may fail with:


Forbidden You don't have permission to access /servlets/IsItWorking on this server.
This is due to enhanced security delivered with the autoconfig templates.
Please try test 4b instead.


b.http(s)://:/servlets/Hello

If this one fails, this indicates an issue with your Jserv set-up. You then need to follow Note 230688.1 to drill down into this problem.


7. Validate that jsp work.

a. http(s)://:/OA_HTML/jsp/fnd/aoljtest.jsp

If this one fails to render, this indicates an issue with your Jserv set-up. You then need to follow Note 230688.1 to drill down into this problem.Otherwise you enter the values requested, and follow the link at the bottom of the first page to run through this set of diagnostic tests. Report all tests that fail in a TAR.

Note: The initial page of this test may show some "missing" files.
Depending on your configuration the following missing files are acceptable:

apps.zip (is normal to be missing since it has been exploded on $JAVA_TOP (ref : Note 220188.1 ))
iAS/mp/jlib/opreopi-rt.jar (Used for Oracle Personalization. Can be ignored if you are not using MP.)
iAS/mp/jlib/dmtutil.jar (Used for Data Mining)
iAS/dm/jlib/odmapi.jar (Used for Data Mining - If you are using Data Mining, and these are listed as missing, please see Note 281739.1 )
iAS/portal30/jpdk/lib/partnerApp.jar (If you are not using Portal, this can be ignored.)


8. Check the "session.topleveldomain" setting in the


$IAS_ORACLE_HOME/Apache/Jserv/etc/zone.properties
This should match the domain you are using as defined in the SESSION_COOKIE_DOMAIN column in ICX_PARAMETERS table.

From sqlplus do:

select SESSION_COOKIE_DOMAIN from ICX_PARAMETERS;


Notes: It is acceptable to have SESSION_COOKIE_DOMAIN set to null
You MUST have a valid domain that is composed of 2 or more components (see Bug 2510732). I.e: .oracle is an INVALID domain, but .oracle.com IS a valid domain.

1 comment:

Sricharan Mahavadi said...

the information is very usefull for the begginers.
thanks for the details
.Sricharan.