When Installing Second OracleAS Cluster for Identity Management Instance, DIPCA Fails with oracle.ldap.oidinstall.backend.OIDCAException: Invalid Credentials (Doc ID 430058.1)

Last updated on NOVEMBER 04, 2016

Applies to:

Oracle Fusion Middleware High Availability - Version: 10.1.2.0.2 to 10.1.4.0.1 - Release: AS10gR2 to AS10gR2
Information in this document applies to any platform.
Oracle Fusion Middleware HA - FMW HA - Version: 10.1.2.0.2 to 10.1.4.0.1

***Checked for relevance on 29-Mar-2011***

Symptoms

The objective is to install the second or subsequent OracleAS Clusters for Identity Management (active-active).

The load balancer being used is an F5 Version 9 Big-IP.

The Metadata Repository and the first of two or more Identity Management instances have been installed successfully.

During the install of the second (or possibly subsequent) Identity Management instance, the installer fails at the configuration assistant phase, with the 'Directory Integration Platform Configuration Assistant' (DIPCA) reporting the error shown in the log.

Extract from ORACLE_HOME/ldap/log/dipca.log:

Launched configuration assistant 'Directory Integration Platform Configuration Assistant'

oracle.ldap.oidinstall.backend.OIDCAException: Invalid Credentials
at oracle.ldap.oidinstall.backend.OIDConfiguration.sslbind(OIDConfiguration.java:814)
at oracle.ldap.oidinstall.backend.OIDConfiguration.<init>(OIDConfiguration.java:144)
at oracle.ldap.oidinstall.backend.OIDConfigWrapper.configDIP(OIDConfigWrapper.java:463)
at oracle.ldap.oidinstall.OIDCA.doSilent(OIDCA.java:591)
at oracle.ldap.oidinstall.OIDCA.run(OIDCA.java:818)
at oracle.ldap.oidinstall.OIDCA.main(OIDCA.java:957)

The Metadata Repository and the Oracle Internet Directory in the first IM instance are both up and running.

An ldapbind test to the non-SSL port using the cluster virtual hostname works fine:

ldapbind -h IMcluster_virtual_hostname.oracle.com -p 389

but an ldapbind to the SSL port

ldapbind -h IMcluster_virtual_hostname.oracle.com -p 636 -U 1

fails with a "broken pipe" message.

An ldapbind test to the non-SSL port and the SSL port using the real hostname of one of the Identity Management instances, e.g.

ldapbind -h IMnode1_real_hostname.oracle.com -p 636 -U 1

works fine.
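The bind tests above can be run as a single matrix. The following is an added example, not part of the Oracle note: it assumes Oracle's ldapbind is on PATH and exits 0 on a successful bind, takes the virtual and real hostnames as arguments, and uses the hypothetical helper names probe and classify.

```shell
#!/bin/sh
# Added example: run the anonymous binds from this note (virtual hostname
# and one real node, ports 389 and 636) and report whether the results
# match the symptom pattern described here.
# Assumption: ldapbind exits 0 when the bind succeeds, non-zero otherwise.

# probe HOST PORT [ssl] -> prints "ok" or "fail"
probe() {
    if [ "$3" = "ssl" ]; then
        # -U 1 is the SSL mode used in the note's own commands
        ldapbind -h "$1" -p "$2" -U 1 >/dev/null 2>&1 && echo ok || echo fail
    else
        ldapbind -h "$1" -p "$2" >/dev/null 2>&1 && echo ok || echo fail
    fi
}

# classify VIP_PLAIN VIP_SSL NODE_PLAIN NODE_SSL -> verdict keyword
classify() {
    case "$1/$2/$3/$4" in
        ok/ok/ok/ok)   echo "all-ok" ;;
        # Pattern in this note: only SSL through the virtual hostname fails
        ok/fail/ok/ok) echo "matches-note" ;;
        # SSL fails even directly on the node: not the case described here
        */fail)        echo "node-ssl-fails" ;;
        *)             echo "other" ;;
    esac
}

# Usage: sh bindmatrix.sh VIRTUAL_HOSTNAME NODE_REAL_HOSTNAME
if [ "$#" -eq 2 ]; then
    vp=$(probe "$1" 389); vs=$(probe "$1" 636 ssl)
    np=$(probe "$2" 389); ns=$(probe "$2" 636 ssl)
    printf '%-8s plain=%s ssl=%s\n' virtual "$vp" "$vs"
    printf '%-8s plain=%s ssl=%s\n' node "$np" "$ns"
    classify "$vp" "$vs" "$np" "$ns"
fi
```

A "matches-note" verdict means the directory itself answers on both ports and only the SSL path through the virtual hostname is failing.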

Cause
