LDAP: error code 2 : Starting the WLS Managed Servers for WebCenter Spaces in HA Setup (Doc ID 1111923.1)

Last updated on AUGUST 01, 2016

Applies to:

Oracle WebCenter Portal - Version 11.1.1.2.0 and later
Information in this document applies to any platform.
Checked for relevance on 14-Aug-2013

Symptoms


After reassociating the WebCenter Policy and Credential store with OID in a High Availability (HA) setup, when attempting to start the WLS_Spaces Managed Servers in the second machine, the following error occurs:

oracle.security.jps.internal.policystore.ldap.StoreManager getJavaPolicyEntries
SEVERE: Error reading java policies for Application: cn=systempolicy,cn=webcenter_domain,cn=JPSContext,cn=root_webcenter_qa, Reason: oracle.security.jps.service.policystore.PolicyStoreException: javax.naming.CommunicationException: [LDAP: error code 2 - Bad Search Filter]; remaining name 'cn=Permissions,cn=JAAS Policy,cn=systempolicy,cn=webcenter_domain,cn=JPSContext,cn=root_webcenter_qa'
...

<Warning> <oracle.jps.deployment> <JPS-04084> <Migration of application policy failed. Reason: java.security.AccessControlException: access denied (oracle.security.jps.service.policystore.PolicyStoreAccessPermission context=APPLICATION,name=webcenter getApplicationPolicy).>
[JpsAuth] Check Permission
PolicyContext: [null]
Resource/Target: [context=APPLICATION,name=webcenter]
Action: [getApplicationPolicy]
Permission Class: [oracle.security.jps.service.policystore.PolicyStoreAccessPermission]
Result: [FAILED]
Evaluator: [ACC]
Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@835a51b
CodeSource=file:/usr/local/redstack/product/fmw11g/oracle_common/modules/oracle.jps_11.1.1/jps-api.jar
Principals=total 0 of principals<no principals>
Permissions=(
(java.lang.RuntimePermission exitVM)
(java.io.FilePermission /usr/local/redstack/product/fmw11g/oracle_common/modules/oracle.jps_11.1.1/jps-api.jar read)
)
Call Stack: java.security.AccessControlException: access denied (oracle.security.jps.service.policystore.PolicyStoreAccessPermission context=APPLICATION,name=webcenter getApplicationPolicy)
...

<Warning> <oracle.jps.deployment> <JPS-04084> <Migration of application policy failed. Reason: java.security.AccessControlException: access denied (oracle.security.jps.service.policystore.PolicyStoreAccessPermission context=APPLICATION,name=webcenter getApplicationPolicy).>



This is WebCenter in HA setup with WebCenter domain in 2 machines with 5 WLS Managed Servers for WebCenter Spaces (WLS_Spaces) on each machine. The error happens when starting any of the managed servers on the second machine.
Starting the WLS Managed Servers for WebCenter Spaces (WLS_Spaces) on the first machine works most of the times but sporadically will also return the same errors.


Steps To Reproduce:

The issue can be reproduced with the following steps:

  1. Reassociate the WebCenter policy and credential store with OID in a HA setup with OiD installed in 2 or more servers front ended with a LBR.
  2. Start the WLS_Spaces managed servers on the first machine.
  3. Start the WLS_Spaces managed servers in the second machine.
    Here you should see the errors starting the managed servers in the second machine.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms