Error while starting OAM WebLogic Servers “Policy store update operations are not allowed, system is write protected”

I’ve come across an issue in OAM 11g R2 PS2 environment. Multi Data Center is also being setup with one DC as Master and other DC as Clone. After configuring the Clone DC using T2P commands and running few WLST commands to accomplish MDC setup, the below errors were seen while starting the OAM WebLogic Admin/Managed Servers.

<Apr 8, 2014 4:28:05 PM PDT> <Warning> <oracle.oam.engine.policy> <OAMSSA-06342> <Bootstrap failed for handler oracle.security.am.common.policy.tools.upgrade.r2ps2.bootstrap.RMR2PS2BootstrapHandler!>

<Apr 8, 2014 4:28:05 PM PDT> <Error> <oracle.oam.engine.policy> <BEA-000000> <Policy store update operations are not allowed, system is write protected.

Analysis:

The OAM 11g documentation states “Clone Data Centers can be write protected so no updates can be made to the system or policy configurations”. So I had set WriteEnabledFlag flag in oam-config.xml to false. Therefore any updates to Clone DC for policy or system changes will fail.

You can verify this flag in oam-config.xml and it would look like:

<Setting Name=”WriteEnabledFlag” Type=”xsd:boolean”>true</Setting>

However the weblogic servers would start up fine.

Solution:

Even Clone DC should be Write Enabled.

Connect to weblogic admin server through wlst.sh and run commands as shown below:

wls:/oam_domain/serverConfig> domainRuntime()

Location changed to domainRuntime tree. This is a read-only tree with DomainMBean as the root.

For more help, use help(domainRuntime)

wls:/oam_domain/domainRuntime> setMultiDataCenterWrite(WriteEnabledFlag=”true”)

Data center write enable flag set successfully

wls:/oam_domain/domainRuntime>

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

1 comments
Add Your Reply