My Oracle Support Banner

When Installing Second OracleAS Cluster for Identity Management Instance, DIPCA Fails with oracle.ldap.oidinstall.backend.OIDCAException: Invalid Credentials (Doc ID 430058.1)

Last updated on AUGUST 20, 2019

Applies to:

Oracle Fusion Middleware High Availability - Version 10.1.2.0.2 to 10.1.4.0.1 [Release AS10gR2]
Information in this document applies to any platform.
Oracle Fusion Middleware HA - FMW HA - Version: 10.1.2.0.2 to 10.1.4.0.1

***Checked for relevance on 29-Mar-2011***


Symptoms

The objective is to install the second or subsequent OracleAS Clusters for Identity Management (active-active).

The load balancer being used is an F5 Version 9 Big-IP.

The Metadata Repository and the first of two or more Identity Management instances have been installed successfully.

During the install of the second (or possibly subsequent) Identity Management instance the installer fails at the configuration assistant phase with the 'Directory Integration Platform Configuration Assistant' (DIPCA) reporting the error

Extract from ORACLE_HOMEldap/log/dipca.log

Launched configuration assistant 'Directory Integration Platform Configuration Assistant'

oracle.ldap.oidinstall.backend.OIDCAException: Invalid Credentials
at oracle.ldap.oidinstall.backend.OIDConfiguration.sslbind(OIDConfiguration.java:814)
at oracle.ldap.oidinstall.backend.OIDConfiguration.<init>(OIDConfiguration.java:144)
at oracle.ldap.oidinstall.backend.OIDConfigWrapper.configDIP(OIDConfigWrapper.java:463)
at oracle.ldap.oidinstall.OIDCA.doSilent(OIDCA.java:591)
at oracle.ldap.oidinstall.OIDCA.run(OIDCA.java:818)
at oracle.ldap.oidinstall.OIDCA.main(OIDCA.java:957)

The Metadata Repository and the Oracle Internet Directory in the first IM instance are both up and running

An ldapbind test using the cluster virtual hostname works fine to the non-ssl port

ldapbind -h IMcluster_virtual_hostname.domain -p 389

but a ldapbind to the ssl port

ldapbind -h IMcluster_virtual_hostname.domain -p 636 -U 1

fails with a "broken pipe message" 

An ldapbind test to the non-ssl port and the ssl port using the real hostname of one of the Identity Management instances e.g.

ldapbind -h IMnode1_real_hostname.domain -p 636 -U 1

works fine

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.