OBIEE 11g - WebLogic Servers are Slow to Start and Logins to OBIEE Fail at the Disaster Recovery Site (Doc ID 2053511.1)

Last updated on SEPTEMBER 10, 2015

Applies to:

Business Intelligence Server Administrator - Version 11.1.1.7.150120 and later
Information in this document applies to any platform.

Symptoms

The Production environment comprises WLS-OBIEE running on Oracle Virtual Machine (VM) servers with users authenticated and authorized via MS Active Directory (MSAD).

A remote Disaster Recovery (DR) site has been established, that is "isolated" from and with no direct network access to the Production site; and in this way, the DR servers will have the same host / server names - but different IP addresses - to the Production servers.

All the Production VM servers with WLS-OBIEE and with the Database hosting the RCU schemas were cloned and replicated to the DR site. 

As the DR OBIEE will now be accessing the DR MSAD LDAPs (located "locally" at the DR site), the MSAD security provider was modified to specify the IP address for the MSAD LDAP server.  But now WebLogic takes a long time to startup in RUNNING status, and logins to OBIEE (/analytics) fail. 

It was observed that if the "Follow referrals" option was disabled / checked OFF for the MSAD security provider then WebLogic starts quickly.  MSAD Users are visible in Security Realms > myrealm > Users and Groups > Users, and MSAD Groups are visible in Security Realms > myrealm > Users and Groups > Groups.  However, User-Group assignments were not successful (as below), and logins to OBIEE (/analytics) continued to fail. 

In the Users tab, click on a name and click on the Groups tab.  See the following error is thrown: 

[Security:090306]Authentication Failed Getting Groups for User <User Name> java.lang.RuntimeException: netscape.ldap.LDAPReferralException: referral (0);
Success ldap://DomainDnsZones.<Domain Name>.local/DC=DomainDnsZones,DC=<Domain Name>,DC=local

 In the Groups tab, click on a name and click on the Membership tab.  See the following error is thrown:

[Security:090278]Error listing member groups <Group Name>

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms