Tuesday, May 10, 2016

Applying latest Oracle Patch 22502456 Database Patch Set Update : 11.2.0.4.160419 for Oracle Run Time Client errors out

When trying to apply patch 22502456 to Oracle Runtime client using latest OPatch version 11.2.0.3.12
it fails with the following error. This patch is also included in combo patch : 22738777 - COMBO OF OJVM COMPONENT 11.2.0.4.160419 DB PSU + DB PSU 11.2.0.4.1604 (APR2016)


Verifying environment and performing prerequisite checks...
Skip patch 20760982 from list of patches to apply: This patch is not needed.
UtilSession failed: null
Log file location:
OPatch failed with error code 73
Log file error shows this.
[May 9, 2016 3:46:33 PM]     OUI-67073:UtilSession failed: null
[May 9, 2016 3:46:33 PM]     Finishing UtilSession at Mon May 09 15:46:33 EDT 2016
[May 9, 2016 3:46:33 PM]     Log file location: /opt/oracle/product/11.2.0.4/cfgtoollogs/opatch/opatch2016-05-09_15-46-25PM_1.log
[May 9, 2016 3:46:33 PM]     Stack Description: java.lang.NullPointerException
[May 9, 2016 3:46:33 PM]     StackTrace: java.lang.StringBuffer.<init>(StringBuffer.java:104)
[May 9, 2016 3:46:33 PM]     StackTrace: oracle.opatch.UtilSession.process(UtilSession.java:337)
[May 9, 2016 3:46:33 PM]     StackTrace: oracle.opatch.OPatchSession.main(OPatchSession.java:2580)
[May 9, 2016 3:46:33 PM]     StackTrace: oracle.opatch.OPatch.main(OPatch.java:634)


Oracle support is able to reproduce this issue however currently no workaround is provided.
They have internally 2 bugs opened to address this issue.


Bug 22932939 -- OPATCH FAILS TO PATCH RUNTIME CLIENT ENVIRONMENTS
Bug 22740194 - INSTALLATION OF 11.2.0.4.7 AND LATER PSU FAILS IN RUNTIME CLIENT ENVIRONMENT



Monday, January 18, 2016

Portal Home Page Displays Error : Error getting content for remote pagelet.

When you are logging on to a Portal Home Page which displays Remote pagelets, You get this error randomly.


Error Message: Error getting content









When you click on "Detailed Error Description", You will get this

Unable to get document
Error occurred while accessing target page.












To see the further details, Please log in to your webserver and open the following log files. If you have more than 1 web server you may have to go to each web server to see the content.


Log File Location : $PS_CFG_HOME/webserv/peoplesoft/servers/PIA/logs (This is for PeopleTools 8.53 and higher).
Log File Names are below
PIA_servlets0.log.0
PIA_servlets1.log.0
PIA_servlets2.log.0


If you open any one of these log file, You will see the following


2000-01-07T11:47:21.185         9259 163517125      unknown SEVERE psft.pt8.psp logError Error for User: abc Error Message: Unable to get document:  Requested URL: https://abc.com Target URL:  Error reading from server


Resolution:
If you do not have security issue or single signon issue, Please check the default HTTP Header size allowed by your Load balancer that you use for multiple webservers.  In Case of Cisco ACE Loadbalancer default is : 4096 bytes. Increasing it to 32768 helps in resolving this issue.


For Cisco Ace this parameter is :
set header-maxparse-length 32768



If you use a different Load balancer for e.g. F5 LTM then I believe the default is already 32768.  You can contact your Load balancer vendor to determine the default HTTP Header size.




Tuesday, January 05, 2016

Upload image to Image Catalog

In PeopleTools 8.53 PeopleSoft has provided an online PIA page to upload the images or modify an existing images without using App designer. This is really helpful if you want to change an image, but do not want to migrate application project just for updating the image.
Page name : Layout Image Upload


Navigation : Main Menu>PeopleTools>Mobile Application Platform>MAP Utilities>Layout Image Upload


For some reason, Mobile Application Platform is hidden in Portal structure and contents, but you can still access the Layout Image Upload page by searching.




Tuesday, December 08, 2015

PeopleSoft Support of TLS 1.2 when connecting to LDAP/HTTP servers using LDAPS/HTTPS URLs

Currently all PeopleSoft PeopleTools releases including 8.55 only supports Java 1.7 for the Appserver. Java 1.7 by default only enables support for SSL 3.0 and TLS 1, though it supports both TLS 1.1. and TLS 1.2. They are not enabled by default. This is easy to fix for HTTPS connections by modifying JavaVM options the following parameter to Appserver (psappsrv.cfg) and Batch server (psprcs.cfg) config files

JavaVM Options=-Dxdo.ConfigFile=%PS_HOME%/appserv/xdo.cfg -Xms32m -Xmx128m -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2

Once you modify the Parameter, simply restart the Appserver or batch server and it will take effect. There is no need to reconfigure the appserver or batch server.

Please note this only work for HTTPS connections for e.g. when connecting to Integration Gateway Web server which only accepts TLS 1.1 or TLS 1.2 connections.

To make this also work for LDAP or Directory server that is configured to accept only TLS 1.2 connections for compliance with PCI DSS v3.1 (mandatory after June 30 2016), a code change to $PS_HOME/appserv/classes/psft/pt8/pshttp/PSLdapSSLSocketFactory.class is required so that it uses TLSv1.2 instead of SSL for the below code line.

SSLContext sslcontext = SSLContext.getInstance("SSL");

needs to be changed to

SSLContext sslcontext = SSLContext.getInstance("TLSv1.2");

Currently there are no configuration parameters to fix this issue. Please open a support case with Oracle and reference the below bug number if you need the fix for this issue.

There is an open PeopleSoft bug to address this issue.

22323376 - LDAP FAILS TO CONNECT TO LDAP SERVER USING TLS 1.2 to address this issue.

This will impact any PeopleSoft applications that are considered as PCI In scope applications and uses TLS 1.2 for Autnetication with LDAP Directory server using LDAPS protocol.

You will see the following error in the Appserver when connecting to LDAP server using delivered Page.

[Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]

Please note PeopleSoft uses JNDI to connect to LDAP Directory server via delivered Directory Interface Business interlink.

Thursday, September 17, 2015

Global Database Link feature in Oracle 11G can result in Peoplesoft Signon Failure

If you use Oracle Internet Directory (OID) to resolve database names, then you have this feature enabled by default. With Global database link feature, users can access tables/view in other database using @dbname syntax even when there is no explicit database link is created. For e.g User A logged in to Database A using his personal id : XXXX can run the below query to access table in database b. Only thing that is needed to make this work is that password for the user A must be same in both database A and B.

select * from ps_job@databaseb

This may create a potential locking situation,if password in database are not synced up and there is an account lock policy implemented to lock account after x invalid attempts. As soon as user runs more than x sql statements using global database link feature, it will lock the account in database b. When you look at dba audit trail, you will see the connection attempt was made by oracle user and machine name will be of database server machine name. This makes it confusing to determine how this account got locked up.

This is even more dangerous, if some one runs a SQR or Application engine program using peoplesoft process scheduler with a remotedbname sysntax for sql for e.g. ps_job@databaseb

This is because, PeopleSoft process scheduler runs the sql using database access id in database A, which inurn access the database b using the access id password in Database A. Most likely you would keep the database access id password (default : SYSADM) different for different databases and this can potentially lock the sysadm password in database B due to account lock out policy. If this happens, users will see when trying to access the application

“Bea.jolt.serviceexception: TPENOENT – No entry”

image

You can find more information on this at My Oracle Support

What are Global Database Link and How do you Disable them? (Doc ID 1632329.1)

http://docs.oracle.com/cd/E11882_01/server.112/e25494/ds_concepts.htm#ADMIN02801

If this happens in your environment, Please check if database access id is locked out. If yes, unlock the database access id and restart all your app and batch servers.

ios9 Safari PeopleSoft Pages appear zoomed

After the recent upgrade to iOS9 from iOS 8.4.1 on iPAd Air and iPhone 6, PeopleSoft pages appears zoomed and entire UI looks messed up using safari. Our PeopleTools environment is 8.53.12 and this is reproducible in multiple demo environments including HR and Portal 9.1.

Stpes to reproduce the issue

1. Login to HRMS 9.1/Portal 9.1 Demo instance using iPad or iPhone running iOS9 using Safari

2. Open System Profile page

Screenshot of the zoomed page.

cdas_demo1_modified

Update from Oracle Support

This is a known issue tracked by

Bug 21626379 - IOS 9 BETA 5: CLASSIC PAGES ARE NOT RENDERING PROPERLY.

Apple Development is currently working on the issue

Updates : Issue is not resolved even with release of 9.1 and according to apple support they are still investigating the issue and it will be fixed in some unknown future release. Meanwhile Oracle has provided the workaround. Please test carefully before applying the workaround.

Please refer to following E-PIA Peoplesoft Classic Pages Are Not Rendering Correctly In IOS 9 (Doc ID 2057957.1)

for the workaround. It is different for 8.53 and below and 8.54 and above. 

Monday, August 31, 2015

You are not authorized to access this component. (40 20)

You may see this error message, even if you have granted correct security. To resolve this please run the below sql. Open the role and delete the orphan permission list or remove the role from the user and issue will be fixed.

This was happening as user has a role that had a permission list that did not existed in the database. This happens when the project is migrated to target database but does not include the permission list.

non-existing permission list assigned to the role.

Select R.rolename
, RC.classid
From psroleuser R
, psroleclass RC
Where RC.Rolename = R.Rolename
And not exists
(Select 'X' from psclassdefn C
Where C.classid = RC.classid)
And R.roleuser = '[--OPRID—]'

Original Post appeared in :

http://eliandokp.blogspot.com/2010/02/component-error-you-are-not-authorized.html