How to install Oracle Internet Directory 10.1.4.0.1 in an existing cluster that is already upgraded to 10.1.4.3

There is one main production environment where we have OID 10.1.4.0.1 installed and upgraded to 10.1.4.3 later.

We have been setting up another production environment for disaster recovery purpose and had to use the same OID DB schema used in main production server. So we just replicated the database from main prod to disaster recovery servers.

While installing OID components newly in disaster recovery setup, I got a show stopper issue because of inconsistent version of DB schema and install version. We should first install 10.1.4.0.1 , since the OID DB schema already has 10.1.4.3, you will see an error at the step “Specify Repository”. The error screenshot is given below.

I checked the existing components version in the schema using the command

select comp_id,version,status from app_registry; 

Below is the screenshot for the same.

Here is the Solution:

Login to sqlplus as sys user and perform the below step.

update orasso.wwc_version$ set version='10.1.4.0.1';

Below is the screenshot for the same.

Be sure to commit the transaction otherwise you will see the same error.

Once the Oracle application server gets installed succesfully, you can upgrade the OID to 10.1.4.2 or 10.1.4.3 as per your requirement.

Before upgrading the OID, you have to perform this step.

update orasso.wwc_version$ set version='10.1.4.3.0';

and install the patch for upgrade.

Helpful Docs:

metalink note 787603.1

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

9 comments
Vijayendra B says May 3, 2011

Hi,

We have installed DR and DC instances of IDM. After which we did a sync from DC to DR. The data of DR DB is replaced with DC DB. My IDM instances are not starting after the DB replication. could you please let us know if there is anything that needs to be take care for the proper start of the servers in DR.

Thanks and Regards,
Vijay.

Reply
Atul Kumar says May 3, 2011

@ Vijay,
To understand your issue when you say DC and DR you mean

DC – Primary Site holding OID data
DR – Secondary Site with OID database replicated using data guard.

Let me ensure that you are not using ldap based or ASR based replication but just using data guard to replicate OID data.

If this is true did you configure second OID node on DR site ? If not then is OID hostname same on both machines ?

When you are starting OID on DR site, what is error message in opmn & ldap logs ?

Reply
Vijayendra B says May 3, 2011

Hi Atul,

Yes
DC – Primary site
DR – Secondary site using EMC2 kinda replication and not oracle Data Guard.

There is no ASR replication.

Yes we have the second OID node in DR site. same no.of IDM servers are in DR as in DC.

The error I get when I start the OID is

——–
11/04/28 16:39:52 Dependency check
——–
Error – ORA-28000: the account is locked

Reply
Atul Kumar says May 3, 2011

@ Did you open OID database in DR site on read /write mode or just read only mode.

For OID to start, OID database on DR site should be opened in R/W mode .

If database is open in R/W mode then check if ods schema is locked or not (search in dba_users and post all accounts which are locked)

Reply
Vijayendra B says May 4, 2011

Hi Atul,

Below is the o/p. Do suggest how to proceed.

Regards,
Vijayendra Boda.

SQL> select username,account_status,lock_date from dba_users;

USERNAME ACCOUNT_STATUS LOCK_DATE
—————————— ——————————– ———
ODSSM OPEN
ODS LOCKED(TIMED) 26-APR-11
UDDISYS OPEN
ORAOCA_PUBLIC OPEN
OCA OPEN
BAM OPEN
ORABPEL OPEN
B2B OPEN
WCRSYS OPEN
DSGATEWAY OPEN
DCM OPEN

USERNAME ACCOUNT_STATUS LOCK_DATE
—————————— ——————————– ———
DISCOVERER5 OPEN
ORASSO_PA OPEN
ORASSO_PUBLIC OPEN
ORASSO_DS OPEN
OWF_MGR OPEN
WIRELESS OPEN
ORASSO_PS OPEN
ORASSO OPEN
INTERNET_APPSERVER_REGISTRY EXPIRED & LOCKED 29-MAR-10
PORTAL OPEN
PORTAL_APP OPEN

USERNAME ACCOUNT_STATUS LOCK_DATE
—————————— ——————————– ———
PORTAL_PUBLIC OPEN
PORTAL_DEMO OPEN
IP OPEN
WKSYS OPEN
WKPROXY OPEN
HP_DBSPI OPEN
TSMSYS EXPIRED & LOCKED 05-FEB-10
DIP EXPIRED & LOCKED 10-MAY-08
MDDATA EXPIRED & LOCKED 05-FEB-10
ORACLE_OCM EXPIRED & LOCKED 05-FEB-10
SCOTT EXPIRED & LOCKED 05-FEB-10

USERNAME ACCOUNT_STATUS LOCK_DATE
—————————— ——————————– ———
SYSMAN OPEN
DBSNMP OPEN
EXFSYS EXPIRED & LOCKED 05-FEB-10
XDB EXPIRED & LOCKED 05-FEB-10
SI_INFORMTN_SCHEMA EXPIRED & LOCKED 05-FEB-10
CTXSYS EXPIRED & LOCKED 05-FEB-10
ANONYMOUS EXPIRED & LOCKED 05-FEB-10
DMSYS EXPIRED & LOCKED 05-FEB-10
WMSYS EXPIRED & LOCKED 05-FEB-10
ORDSYS EXPIRED & LOCKED 05-FEB-10
OLAPSYS EXPIRED & LOCKED 05-FEB-10

USERNAME ACCOUNT_STATUS LOCK_DATE
—————————— ——————————– ———
ORDPLUGINS EXPIRED & LOCKED 05-FEB-10
MDSYS EXPIRED & LOCKED 05-FEB-10
MGMT_VIEW OPEN
SYS OPEN
SYSTEM OPEN
OUTLN EXPIRED & LOCKED 05-FEB-10

50 rows selected.

Reply
Atul Kumar says May 4, 2011

@Vijayendra B,

Your issue is because of account ODS LOCKED(TIMED) 26-APR-11, it seems you are using defult database profile which locks an database account after 10 failed attempts.

Another issue I can see is that in some configuration password for ODS is set to different value then one on database and hence its locking ODS.

First create a custom profile in database which says not to lock account and set ods password to old value which should unlock it.

Then try to start OID using OPMN

Reply
Vijay says June 11, 2011

Hi Atlu,

Does IDM 10g(10.1.4.3) have any dependency on Metadata repository. Do we need to make any manual changes to the DB after the Replication of DB from DC to DR.

Please advise. Also please let me know if you have any document which gives steps for changing the OID port.

-Vijay

Reply
Vijay says June 14, 2011

Hi Atul,

We have installed IDM(10.1.4.3) PRODUCTION and DR separately in cluster. OC4J_Security is not starting after the Data replication from DC to DR
Have couple of questions regarding the same.

1. Is IDM dependent on the Metadata repository?
2. If so what are the manual changes that needs to be done to bring up the instance in DR after DB replication from DC

Could you please provide any step by step document/link.

Thanks and Regards,
Vijay.

Reply
Atul Kumar says June 14, 2011

@ Vijay,

1. Is IDM dependent on the Metadata repository?

Yes

2. If so what are the manual changes that needs to be done to bring up the instance in DR after DB replication from DC

– Check password (schema stored in MR and managed by OID) and DB schema are correct
– Infra Tier (location where OC4J_Security) is running can connect to DB
– OC4J_Security uses OID to connect so make sure OID is running.

OC4J_security startup logs should tell you why OC4J is not starting on DR node

Reply
Add Your Reply

Not found