Error while starting OAM WebLogic Servers “Policy store update operations are not allowed, system is write protected”

I’ve come across an issue in OAM 11g R2 PS2 environment. Multi Data Center is also being setup with one DC as Master and other DC as Clone. After configuring the Clone DC using T2P commands and running few WLST commands to accomplish MDC setup, the below errors were seen while starting the OAM WebLogic Admin/Managed Servers.

<Apr 8, 2014 4:28:05 PM PDT> <Warning> <oracle.oam.engine.policy> <OAMSSA-06342> <Bootstrap failed for handler oracle.security.am.common.policy.tools.upgrade.r2ps2.bootstrap.RMR2PS2BootstrapHandler!>

<Apr 8, 2014 4:28:05 PM PDT> <Error> <oracle.oam.engine.policy> <BEA-000000> <Policy store update operations are not allowed, system is write protected.

Analysis:

The OAM 11g documentation states “Clone Data Centers can be write protected so no updates can be made to the system or policy configurations”. So I had set WriteEnabledFlag flag in oam-config.xml to false. Therefore any updates to Clone DC for policy or system changes will fail.

You can verify this flag in oam-config.xml and it would look like:

<Setting Name=”WriteEnabledFlag” Type=”xsd:boolean”>true</Setting>

However the weblogic servers would start up fine.

Solution:

Even Clone DC should be Write Enabled.

Connect to weblogic admin server through wlst.sh and run commands as shown below:

wls:/oam_domain/serverConfig> domainRuntime()

Location changed to domainRuntime tree. This is a read-only tree with DomainMBean as the root.

For more help, use help(domainRuntime)

wls:/oam_domain/domainRuntime> setMultiDataCenterWrite(WriteEnabledFlag=”true”)

Data center write enable flag set successfully

wls:/oam_domain/domainRuntime>

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

1 comments
srinivas says September 3, 2014

Hi All

i am invoking oam managed server from admin console and my admin server and oam managed servers running successfully but while testing my oam server from browser i am getting bellow error

Error 404–Not Found

From RFC 2068 Hypertext Transfer Protocol — HTTP/1.1:

10.4.5 404 Not Found

The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.

Reply
Add Your Reply