PolicySet Invalid: WSM-02557 oracle.wsm.policymanager
Accessing Fusion Application shows below error:
An error was received for the task Manage Collectors. This task is identified with the code IEX_MANAGE_COLLECTORS that invokes program /WEB-INF/oracle/apps/financials/collections/collector/ui/flow/ManageCollector.xml#ManageCollector of module code Receivables. Review the consumer and producer logs for more details on this error.
Logfiles in CommonDomains shows following error:
at oracle.bpel.services.workflow.query.client.AbstractDOMTaskQueryServiceClient.authenticate(AbstractDOMTaskQueryServiceClient.java:192)
at oracle.bpel.services.workflow.query.client.AbstractDOMTaskQueryServiceClient.authenticate(AbstractDOMTaskQueryServiceClient.java:205)
at oracle.bpel.services.workflow.fws.client.TaskQueryAccessor$AuthenticationHandler.call(TaskQueryAccessor.java:1508)
at oracle.bpel.services.workflow.fws.client.TaskQueryAccessor$AuthenticationHandler.call(TaskQueryAccessor.java:1433)
at oracle.bpel.services.common.concurrent.CallableTask.call(CallableTask.java:63)
at oracle.bpel.services.common.concurrent.Submission$2.run(Submission.java:470)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.bpel.services.common.concurrent.Submission.runAsPrivileged(Submission.java:490)
at oracle.bpel.services.common.concurrent.Submission.run(Submission.java:402)
at oracle.bpel.services.common.concurrent.Submission$SubmissionFutureTask.run(Submission.java:875)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:440)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:139)
at oracle.bpel.services.common.concurrent.ModifiedThreadPoolExecutor$Worker.runTask(ModifiedThreadPoolExecutor.java:666)
at oracle.bpel.services.common.concurrent.ModifiedThreadPoolExecutor$Worker.run(ModifiedThreadPoolExecutor.java:692)
at java.lang.Thread.run(Thread.java:680)
Caused By: oracle.bpel.services.workflow.client.WorkflowServiceClientException: javax.xml.ws.WebServiceException: oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-02557 oracle.wsm.policymanager.accessor.BeanAccessor The documents required to configure the Oracle Web Services Manager runtime have not been retrieved from the Policy Manager application (wsm-pm), possibly because the application is not running or has not been deployed in the environment. The query "&(policysets:global/%)(@appliesTo~="WS-Client()")" is queued for later retrieval.
Processes in Instance: BIInstance
---------------------------------+--------------------+---------+---------
ias-component | process-type | pid | status
---------------------------------+--------------------+---------+---------
coreapplication_obips1 | OracleBIPresentat~ | 11839 | Init
essbaseserver1 | Essbase | 7176 | Alive
coreapplication_obiccs1 | OracleBIClusterCo~ | 7173 | Alive
coreapplication_obisch1 | OracleBIScheduler~ | 5463 | Alive
coreapplication_obijh1 | OracleBIJavaHostC~ | 7174 | Alive
coreapplication_obis1 | OracleBIServerCom~ | 6162 | Alive
[oracle@fusionappln states]$ /u01/FusionappBase/instance/BIInstance/bin/opmnctl stopproc ias-component=coreapplication_obips1
opmnctl stopproc: stopping opmn managed processes...
[oracle@fusionappln states]$
[oracle@fusionappln states]$ /u01/FusionappBase/instance/BIInstance/bin/opmnctl status
Processes in Instance: BIInstance
---------------------------------+--------------------+---------+---------
ias-component | process-type | pid | status
---------------------------------+--------------------+---------+---------
coreapplication_obips1 | OracleBIPresentat~ | N/A | Down
essbaseserver1 | Essbase | 7176 | Alive
coreapplication_obiccs1 | OracleBIClusterCo~ | 7173 | Alive
coreapplication_obisch1 | OracleBIScheduler~ | 5463 | Alive
coreapplication_obijh1 | OracleBIJavaHostC~ | 7174 | Alive
coreapplication_obis1 | OracleBIServerCom~ | 6162 | Alive
[oracle@fusionappln states]$/u01/FusionappBase/instance/BIInstance/bin/opmnctl startproc ias-component=coreapplication_obips1
Solution 2:
Check the log files,
cd /u01/FusionappBase/instance/BIInstance/diagnostics/logs/OracleBIServerComponent/coreapplication_obis1
tail -f nqserver.log
[2015-04-25T07:07:54.08-05:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 00558hSp5hQ5i^wMwEyWMG0007Vw0000Af,0] [tid: 45fe7940] [nQSError: 43126] Authentication failed: invalid user/password.
[2015-04-25T07:08:01.867-05:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 00558hTJ4po5i^wMwEyWMG0007Vw0000Ao,0] [tid: 462ea940] [nQSError: 13057] Error From BI Security Service: PolicySet Invalid: WSM-02557 oracle.wsm.policymanager.accessor.BeanAccessor The documents required to configure the Oracle Web Services Manager runtime have not been retrieved from the Policy Manager application (wsm-pm), possibly because the application is not running or has not been deployed in the environment. The query "&(@appliesTo~="WS-Service()")(policysets:global/%)" is queued for later retrieval. WSM-02557 oracle.wsm.policymanager.accessor.BeanAccessor The documents required to configure the Oracle Web Services Manager runtime have not been retrieved from the Policy Manager application (wsm-pm), possibly because the application is not running or has not been deployed in the environment. The query "/policies/oracle/no_authentication_service_policy" is queued for later retrieval. . [[
>>>>>There looks to be the problem with boot.properties -> Update the boot.properties in all domains
>>>>>Stop Fusion Application
sh /u01/FusionappBase/fusionapps/applications/lcm/ad/bin/fastartstop.sh -Stop -all -username faadmin -fa_oracle_home /u01/FusionappBase/fusionapps/applications
>>>>>Update boot.properties
1. Find password of FUSION_APPS_PROV_PATCH_APPID from Credential Store.
a. Set ORACLE_HOME to IDM_HOME
b. Run the following command
$ORACLE_HOME/bin/ldapsearch -h
/u01/IDMappBase/products/app/idm/bin/ldapsearch -h fusionappln.net -p 3060 -D "cn=orcladmin" -w Oracle123 -s base -b "orclCSFKey=basic.credentials,cn=oracle.wsm.security,cn=CredentialStore,cn=FusionDomain,cn=JPSContext,cn=FAPolicies" objectclass=* orclcsfname orclcsfpassword
[oracle@fusionappln bin]$ /u01/IDMappBase/products/app/idm/bin/ldapsearch -h fusionappln.net -p 3060 -D "cn=orcladmin" -w Oracle123 -s base -b "orclCSFKey=basic.credentials,cn=oracle.wsm.security,cn=CredentialStore,cn=FusionDomain,cn=JPSContext,cn=FAPolicies" objectclass=* orclcsfname orclcsfpassword
orclCSFKey=basic.credentials,cn=oracle.wsm.security,cn=CredentialStore,cn=FusionDomain,cn=JPSContext,cn=FAPolicies
orclcsfname=FUSION_APPS_PROV_PATCH_APPID
orclcsfpassword=t4mqj2n#Gwboly
[oracle@fusionappln bin]$
2. Modify password in IDStore.
a. Open ODSM and connect to OID
b. Navigate to the user entry: dc=com -> dc=mycompany -> cn=Users -> cn=AppIdUsers -> cn=FUSION_APPS_PROV_PATCH_APPID
b. Navigate to the user entry: dc=net -> dc=lab -> cn=Users -> cn=AppIdUsers -> cn=FUSION_APPS_PROV_PATCH_APPID
c. Go to attributes tab and set the value of userPassword to the value of orclcsfpassword returned in #1.b above.
3. Modify password in boot.properties
a. Set environment:
cd $APPLICATIONS_BASE/fusionapps/wlserver_10.3/server/bin
. ./setWLSenv.sh
cd /u01/FusionappBase/fusionapps/wlserver_10.3/server/bin
. ./setWLSenv.sh
b. Go to each domain directory such as:
cd $APPLICATIONS_BASE/instance/domains/
cd /u01/FusionappBase/instance/domains/fusionappln.net/CommonDomain
c. Run the command:
java weblogic.security.Encrypt
java weblogic.security.Encrypt t4mqj2n#Gwboly
orclcsfname=FUSION_APPS_PROV_PATCH_APPID
orclcsfpassword=t4mqj2n#Gwboly
java weblogic.security.Encrypt t4mqj2n#Gwboly
{AES}D5q8ZxgTe4mRh1a//YImWjY65P0JD83npQr39M5s8Ps=
This will echo the encrypt string that must be replaced in boot.properties
d. Take backup of boot.properties in AdminServer/security folder for CommonDomain
e. Modify password field in boot.properties with the value returned in 3.c above. It should look something similar to below:
f. In case username is also modified, then follow steps 3.a to 3.c to encrypt username and modify in boot.properties. Use below command for the same:
java weblogic.security.Encrypt FUSION_APPS_PROV_PATCH_APPID
{AES}RJdlSbkVCJRftF+TPzzVyYQKsvHPY1nSKKTcOta3dUpHkuk6o0L/z1KGtpv7QdGC
cd servers/AdminServer/security/
vi boot.properties
username={AES}RJdlSbkVCJRftF+TPzzVyYQKsvHPY1nSKKTcOta3dUpHkuk6o0L/z1KGtpv7QdGC
password={AES}D5q8ZxgTe4mRh1a//YImWjY65P0JD83npQr39M5s8Ps=
4. Start WebLogic server (e.g AdminServer) for the problem domain, say CommonDomain using fastartstop command.
5. Repeat steps 3-4 for all Fusion Domain AdminServers and ManagedServers where boot.properties has been modified with a password that does not match with CredentialStore.
BIDomain
[oracle@fusionappln BIDomain]$ java weblogic.security.Encrypt FUSION_APPS_PROV_PATCH_APPID
{AES}2iOG6CnZqkD3tqFQ01pjgB6IyMSUNYw6NLdoJjG/7avZOjg5XP9a4zfcVppvsT/U
[oracle@fusionappln BIDomain]$ java weblogic.security.Encrypt t4mqj2n#Gwboly
{AES}KyCnWPWSG1+fJc0deSBFxDfXFSAPMv0IZlfi0kzVEDA=
[oracle@fusionappln BIDomain]$
SCMDOMAIN
[oracle@fusionappln fusionappln.net]$ cd SCMDomain
[oracle@fusionappln SCMDomain]$ java weblogic.security.Encrypt FUSION_APPS_PROV_PATCH_APPID
{AES}ptXi+T9lOgig3db61RQUPXJw8J6aNSXSkPIMf9QLAeWNsHvVWmtKNyGHWrTCKMw8
[oracle@fusionappln SCMDomain]$ java weblogic.security.Encrypt t4mqj2n#Gwboly
{AES}WgKO3AXtOYn8nIjGKrwiVbSZ0h/KOG2Bbg+rt8ZAdUI=
[oracle@fusionappln SCMDomain]$
ProcurementDomain
[oracle@fusionappln ProcurementDomain]$ java weblogic.security.Encrypt t4mqj2n#Gwboly
{AES}V49k/qUo46rkIW4hhxaWsdccvI6BnUDcqfUEoz0m2K0=
[oracle@fusionappln ProcurementDomain]$ java weblogic.security.Encrypt FUSION_APPS_PROV_PATCH_APPID
{AES}K7QHwvz1gWLRhatKK9JZDFuAG3gZBDLtZmei8nOe9xgREbrVfufxwjSM+lWFE/CW
[oracle@fusionappln ProcurementDomain]$
FinancialDomain
[oracle@fusionappln FinancialDomain]$ java weblogic.security.Encrypt FUSION_APPS_PROV_PATCH_APPID
{AES}3p1OX15L51T9XqjIWGWUuzFOCawD9vfFPId56hEnOSCTaThkV1DtF9l0xa/H9N0T
[oracle@fusionappln FinancialDomain]$ java weblogic.security.Encrypt t4mqj2n#Gwboly
{AES}VD23ijJHs4dcfdYExuE0fKP1xPRpG7fOMGB2qYCGwvU=
[oracle@fusionappln FinancialDomain]$
HCMDomain
[oracle@fusionappln HCMDomain]$ java weblogic.security.Encrypt FUSION_APPS_PROV_PATCH_APPID
{AES}RGTs8Xfq00JI/ncbxiL2DbMMTkTiBE1r04Lf7lyMdU5oIUQHLMKp7dzMQWkTBxBX
[oracle@fusionappln HCMDomain]$ java weblogic.security.Encrypt t4mqj2n#Gwboly
{AES}IilH+HUCL1boXfIVEdR82DLWK1wvqHBsyn9QFfv0PIE=
[oracle@fusionappln HCMDomain]$
ProjectsDomain
[oracle@fusionappln ProjectsDomain]$ java weblogic.security.Encrypt FUSION_APPS_PROV_PATCH_APPID
{AES}mTWXq0JLgtGfRMvN5ZL7i4AMlI++Dx6OdCJcAJSfHL9NDOzm0597WucOjGrCUyM1
[oracle@fusionappln ProjectsDomain]$ java weblogic.security.Encrypt t4mqj2n#Gwboly
{AES}QhXlIXl/LrRHsys0d3tvl10u+OsOxW6e3tb2lkp3VaQ=
[oracle@fusionappln ProjectsDomain]$
CRMDomain
[oracle@fusionappln CRMDomain]$ java weblogic.security.Encrypt FUSION_APPS_PROV_PATCH_APPID
{AES}o6r7+7ma0Iwwc96bbA09bmTrb2FmXnOte4s339NtfzXO1MUA7ENGuCF6VIoWBdk1
[oracle@fusionappln CRMDomain]$ java weblogic.security.Encrypt t4mqj2n#Gwboly
{AES}G54Xit/ke5BZSMwjHYU2Y47Taje2E5RP6OkkabXQbCU=
[oracle@fusionappln CRMDomain]$
Start the application
sh /u01/FusionappBase/fusionapps/applications/lcm/ad/bin/fastartstop.sh -Start -all -username faadmin -fa_oracle_home /u01/FusionappBase/fusionapps/applications -startAdminServer true