Tuesday, August 10, 2021

Powershell Useful Commands

Import Web Admin Module

Import-Module WebAdministration

Default IIS Log Directory

(Get-WebConfigurationProperty '/system.applicationHost/sites/siteDefaults' -Name 'logfile.directory').Value

Get All Websites on The IIS

PS>Get-WebSite

Name             ID   State      Physical Path                  Bindings

----             --   -----      -------------                  --------

mypool              2    Stopped    E:\mypool                         http *:80:

                                                                https *:443: sslFlags=0

mypoolpoc           3    Started    e:\mypoolPoc                      http *:80:

OR

# To show configured IIS sites:

# -----------------------------------------------------------------------------

Get-ChildItem IIS:\Sites

Stop Website

PS> Stop-WebSite -Name "mysite"


Start Website

PS> Start-WebSite -Name 'mysite'


Invoke URL

PS>Invoke-WebRequest -URI http://localhost


Telnet

PS> Test-NetConnection <SERVERNAME> -Port <PORT>


Tail File

PS> Get-Content  .\error.log -Tail 2 –Wait


Last 10 reboot

PS> Get-WinEvent -FilterHashtable @{logname = 'System'; id = 1074, 6005, 6006, 6008} -MaxEvents 8 | Format-Table -wrap


Install IIS Server

Install-WindowsFeature -name Web-Server -IncludeManagementTools


IIS Server Version

Get-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp\ | Select-Object

[System.Diagnostics.FileVersionInfo]::GetVersionInfo(“C:\Windows\system32\notepad.exe”).FileVersion

reg query HKLM\SOFTWARE\Microsoft\InetStp\


Windows Server

(Get-WmiObject -class Win32_OperatingSystem).Caption

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"


Share Folder with Multiple Users

net share GlobalScape=E:\Globalscape /grant:"DOMAIN\ADGROUP",FULL  /grant:"DOMAIN\USERNAME",FULL


Get Permission on the Folder

Get-SmbShareAccess -Name "Globalscape"

(Get-Acl -Path \\HOSTNAME\GLOBALSCAPE).Access | Format-Table -AutoSize


Change Permission on the Folder

(Get-ACL -Path .\Certificates\).Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize

$ACL = Get-ACL -Path ".\Certificates"

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("username","FullControl","Allow")

$ACL.SetAccessRule($AccessRule)

$ACL | Set-Acl -Path ".\Certificates"

(Get-ACL -Path ".\Certificates").Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize


Remove Permission on the Folder

$ACL = Get-Acl -Path ".\sample.txt"

$ACL.SetAccessRuleProtection($true,$false)

$ACL | Set-Acl -Path ".\sample.txt"

(Get-ACL -Path ".\sample.txt").Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize

$ACL = Get-ACL -Path ".\sample.txt"

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators","FullControl","Allow")

$ACL.RemoveAccessRule($AccessRule)

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM","FullControl","Allow")

$ACL.RemoveAccessRule($AccessRule)

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Users","ReadAndExecute, Synchronize","Allow")

$ACL.RemoveAccessRule($AccessRule)

$ACL | Set-Acl -Path ".\sample.txt"

(Get-ACL -Path ".\sample.txt").Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize

$ACL = Get-ACL -Path ".\sample.txt"

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM","FullControl","Allow")

$ACL.RemoveAccessRule($AccessRule)

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Users","ReadAndExecute, Synchronize","Allow")

$ACL.RemoveAccessRule($AccessRule)

$ACL | Set-Acl -Path ".\sample.txt"

(Get-ACL -Path ".\sample.txt").Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize


Unzip the .zip file:

PS E:\Program Files\Java> Expand-Archive -Force jdk1.8.0_271.zip .\jre-8u271-windows-x64.tar\


Get Powershell Version

Get-Host | Select-Object Version


RAM Size

([Math]::Round(((Get-WmiObject -Class Win32_ComputerSystem).TotalPhysicalMemory/1GB),0))


CPU

Get-WmiObject -Class Win32_Processor | Select-Object -Property Name, Number*


Show Certificates

Get-ChildItem -Path Cert:\LocalMachine\Root


Import Certificates

Import-Certificate -FilePath "E:\Maintenance\wsctt.pem" -CertStoreLocation Cert:\LocalMachine\Root


Delete Service

(Get-Service).where({$_.Name -like 'wpnuserservice*'}) | Select-Object -Property *

$service = Get-WmiObject -Class Win32_Service -Filter "Name='servicename'"

$service.delete()


Get  IIS Application Pool Identity Account Passwords in Clear Text

Method#1:

Get-CimInstance -Namespace root/MicrosoftIISv2 -ClassName IIsApplicationPoolSetting -Property Name, WAMUserName, WAMUserPass | select Name, WAMUserName, WAMUserPass

If errors out then run

Add-WindowsFeature Web-WMI | Format-List


Method#2:

$appPools = Get-WebConfiguration -Filter '/system.applicationHost/applicationPools/add'

foreach($appPool in $appPools)

{

if($appPool.ProcessModel.identityType -eq "SpecificUser")

{

Write-Host $appPool.Name -ForegroundColor Green -NoNewline

Write-Host " -"$appPool.ProcessModel.UserName"="$appPool.ProcessModel.Password

}

}


Install Module Offline

On Local Machine:

Save-Module IISAdministration -Path \\HOSTNAME\E$\Maintenance -Repository PSGallery

On Server:

cd "C:\Program Files\WindowsPowerShell\Modules"

Copy-Item E:\Maintenance\IISAdministration -Destination .\ -Recurse

Import-Module IISAdministration

Get-Module IISAdministration


Test HTTPS URL

Enable TLS1.2

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12


Ignore Certificate

if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)

{

$certCallback = @"

    using System;

    using System.Net;

    using System.Net.Security;

    using System.Security.Cryptography.X509Certificates;

    public class ServerCertificateValidationCallback

    {

        public static void Ignore()

        {

            if(ServicePointManager.ServerCertificateValidationCallback ==null)

            {

                ServicePointManager.ServerCertificateValidationCallback +=

                    delegate

                    (

                        Object obj,

                        X509Certificate certificate,

                        X509Chain chain,

                        SslPolicyErrors errors

                    )

                    {

                        return true;

                    };

            }

        }

    }

"@

    Add-Type $certCallback

 }

[ServerCertificateValidationCallback]::Ignore()


Execute the command

Invoke-WebRequest -URI https://localhost:8443 -UseBasicParsing


Get AppPool Recycling Settings

$ConfigSection = Get-IISConfigSection -SectionPath "system.applicationHost/applicationPools"

$SitesCollection = Get-IISConfigCollection -ConfigElement $ConfigSection

$Site = Get-IISConfigCollectionElement -ConfigCollection $SitesCollection -ConfigAttribute @{"name" = "myapppool"}

$recycling = Get-IISConfigElement -ConfigElement $Site -ChildElementName "recycling"

$flags = $recycling.Attributes["logEventOnRecycle"].Value


$onRecycle = @{

'Time' = [bool]($flags -band 1) # Specific Time

'Requests' = [bool]($flags -band 2) # Request Limit Exceeded

'Schedule' = [bool]($flags -band 4) # Regular Time Interval

'Memory' = [bool]($flags -band 8) # Virtual Memory Limit Exceeded

'IsapiUnhealthy' = [bool]($flags -band 16) # Isapi Reported Unhealthy

'OnDemand' = [bool]($flags -band 32) # Manual Recycle

'ConfigChange' = [bool]($flags -band 64) # Application Pool Configuration Changed

'PrivateMemory' = [bool]($flags -band 128) # Private Memory Limit Exceeded

}

$onRecycle


Find files modified in last 21 days

$days_to_check=$(Get-Date).AddDays(-21)

Get-ChildItem E:\Inetpub\*.* -Recurse | where { $_.LastWriteTime -gt $days_to_check } | Foreach {

"File Name: " + $_.Name


Web Module Installed on IIS

PS> Get-WebGlobalModule


Get Scheduled Task Details

PS> Get-ScheduledTask -TaskName VU* | Format-Table State, TaskName, Triggers

State TaskName Triggers
----- -------- --------
Ready VU_AUTO_FileXfer_Daily {MSFT_TaskDailyTrigger}

PS> Get-ScheduledTask -TaskName VU* | Get-ScheduledTaskInfo | Format-Table TaskName, LastRuntime, NextRuntime

TaskName LastRuntime NextRuntime
-------- ----------- -----------
VU_AUTO_FileXfer_Daily 8/10/2021 12:00:00 PM 8/11/2021 12:00:00 PM

Friday, June 25, 2021

Ansible Installation using non-root user on Linux

Install required RPMs:

yum install gcc*

yum install zlib

yum install zlib-devel

yum install perl

yum install libffi-*


Install OpenSSL using source code:

Download OpenSSL and unzip it. 

Change directory to openssl and execute the below commands.

$ cd openssl-1.1.1i

$ ./config --prefix=/app/openssl --openssldir=/app/openssl

Operating system: x86_64-whatever-linux2

Configuring OpenSSL version 1.1.1i (0x1010109fL) for linux-x86_64

Using os-specific seed configuration

Creating configdata.pm

Creating Makefile

**********************************************************************

*** ***

*** OpenSSL has been successfully configured ***

*** ***

*** If you encounter a problem while building, please open an ***

*** issue on GitHub <https://github.com/openssl/openssl/issues> ***

*** and include the output from the following command: ***

*** ***

*** perl configdata.pm --dump ***

*** ***

*** (If you are new to OpenSSL, you might want to consult the ***

*** 'Troubleshooting' section in the INSTALL file first) ***

*** ***

**********************************************************************


$ make prefix=/app/openssl

.

.

.

chmod a+x tools/c_rehash

/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \

"-oMakefile" util/shlib_wrap.sh.in > "util/shlib_wrap.sh"

chmod a+x util/shlib_wrap.sh

make[1]: Leaving directory `/app/software/openssl-1.1.1i'

rm -f test/x509aux

${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \

-o test/x509aux test/x509aux.o \

test/libtestutil.a -lcrypto -ldl -pthread

make[1]: Leaving directory `/app/software/openssl-1.1.1i'


$ make install prefix=/app/openssl


.


.


.

/app/openssl/share/doc/openssl/html/man7/des_modes.html

/app/openssl/share/doc/openssl/html/man7/evp.html

/app/openssl/share/doc/openssl/html/man7/ossl_store-file.html

/app/openssl/share/doc/openssl/html/man7/ossl_store.html

/app/openssl/share/doc/openssl/html/man7/passphrase-encoding.html

/app/openssl/share/doc/openssl/html/man7/proxy-certificates.html

/app/openssl/share/doc/openssl/html/man7/scrypt.html

/app/openssl/share/doc/openssl/html/man7/ssl.html

/app/openssl/share/doc/openssl/html/man7/x509.html


$ export LD_LIBRARY_PATH=/app/openssl/lib

$ export PATH=/app/openssl/bin:$PATH


Install Python using source code:

$ cd /app/software/Python-3.9.1/Modules

Update openssl location in Setup file as shown below

$ vi Setup

#SSL=/usr/local/ssl

SSL=/app/openssl

_ssl _ssl.c \

-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \

-L$(SSL)/lib -lssl -lcrypto


$ cd ..

$ ./configure --prefix=/app/python --with-openssl=/app/openssl

.

.

.

checking whether compiling and linking against OpenSSL works... no

checking for --with-ssl-default-suites... python

checking for --with-builtin-hashlib-hashes... md5,sha1,sha256,sha512,sha3,blake2

configure: creating ./config.status

config.status: creating Makefile.pre

config.status: creating Misc/python.pc

config.status: creating Misc/python-embed.pc

config.status: creating Misc/python-config.sh

config.status: creating Modules/ld_so_aix

config.status: creating pyconfig.h

creating Modules/Setup.local

creating Makefile

If you want a release build with all stable optimizations active (PGO, etc),

please run ./configure --enable-optimizations


$ make

Python build finished successfully!

The necessary bits to build these optional modules were not found:

_bz2 _curses _curses_panel

_dbm _gdbm _lzma

_sqlite3 _tkinter _uuid

readline

To find the necessary bits, look in setup.py in detect_modules() for the module's name.

The following modules found by detect_modules() in setup.py, have been

built by the Makefile instead, as configured by the Setup files:

_abc _ssl atexit

pwd time

running build_scripts

copying and adjusting /app/software/Python-3.9.1/Tools/scripts/pydoc3 -> build/scripts-3.9

copying and adjusting /app/software/Python-3.9.1/Tools/scripts/idle3 -> build/scripts-3.9

copying and adjusting /app/software/Python-3.9.1/Tools/scripts/2to3 -> build/scripts-3.9

changing mode of build/scripts-3.9/pydoc3 from 644 to 755

changing mode of build/scripts-3.9/idle3 from 644 to 755

changing mode of build/scripts-3.9/2to3 from 644 to 755

renaming build/scripts-3.9/pydoc3 to build/scripts-3.9/pydoc3.9

renaming build/scripts-3.9/idle3 to build/scripts-3.9/idle3.9

renaming build/scripts-3.9/2to3 to build/scripts-3.9/2to3-3.9

gcc -pthread -Xlinker -export-dynamic -o Programs/_testembed Programs/_testembed.o libpython3.9.a -lcrypt -lpthread -ldl -lutil -lm -L/app/openssl/lib -lssl -lcrypto -lm

sed -e "s,@EXENAME@,/app/python/bin/python3.9," < ./Misc/python-config.in >python-config.py

LC_ALL=C sed -e 's,\$(\([A-Za-z0-9_]*\)),\$\{\1\},g' < Misc/python-config.sh >python-config


$ make --prefix=/app/python install

Looking in links: /tmp/tmpxpcao9pg

Processing /tmp/tmpxpcao9pg/setuptools-49.2.1-py3-none-any.whl

Processing /tmp/tmpxpcao9pg/pip-20.2.3-py2.py3-none-any.whl

Installing collected packages: setuptools, pip

WARNING: The script easy_install-3.9 is installed in '/app/python/bin' which is not on PATH.

Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.

WARNING: The scripts pip3 and pip3.9 are installed in '/app/python/bin' which is not on PATH.

Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.

Successfully installed pip-20.2.3 setuptools-49.2.1


Update .bashrc and add Python path:

export LD_LIBRARY_PATH=/app/openssl/lib

export PATH=/app/openssl/bin:/app/python/bin:$PATH


Download and install below python modules:

Install setuptools

$ cd setuptools-53.0.0

$ python3 setup.py install --prefix=/app/python/


Install pycryptodome

$ cd pycryptodome-3.9.9

$ python3 setup.py install --prefix=/app/python/


Install pycparser

$ cd pycparser-2.20

$ python3 setup.py install --prefix=/app/python/


Install cffi

$ cd cffi-1.14.4

$ python3 setup.py install --prefix=/app/python/


Install pyparsing

$ cd pyparsing-2.4.7

$ python3 setup.py install --prefix=/app/python/


Install packaging

$ cd packaging-20.9

$ python3 setup.py install --prefix=/app/python/


Install setuptools_scm

$ cd setuptools_scm-5.0.1

$ python3 setup.py install --prefix=/app/python/


Install wheel

$ cd wheel-0.36.2

$ python3 setup.py install --prefix=/app/python/


Install toml

$ cd toml-0.10.2

$ python3 setup.py install --prefix=/app/python/


Install semantic_version

$ cd semantic_version-2.8.5

$ python3 setup.py install --prefix=/app/python/


Install setuptools_rust

$ cd setuptools-rust-0.11.6

$ python3 setup.py install --prefix=/app/python/


Install MarkupSafe

$ pip3 install MarkupSafe-1.1.1-cp39-cp39-manylinux2010_x86_64.whl


Install pyYAML

$ pip3 install PyYAML-5.4.1-cp39-cp39-manylinux1_x86_64.whl


Install Jinja2

$ pip3 install Jinja2-2.11.3-py2.py3-none-any.whl


Install cryptography

$ pip3 install cryptography-3.4.2-cp36-abi3-manylinux2014_x86_64.whl


Install ansible-base

$ cd ansible-base-2.10.5

$ python3 setup.py install --prefix=/app/python/

Using /app/python/lib/python3.9/site-packages

Finished processing dependencies for ansible-base==2.10.5


Install ansible

$ cd ansible-2.10.6

$ python3 setup.py install --prefix=/app/python/

Using /app/python/lib/python3.9/site-packages

Finished processing dependencies for ansible==2.10.6


Install six

$ cd six-1.15.0

$ python3 setup.py install --prefix=/app/python/


Install ntlm_auth

$ cd ntlm-auth-1.5.0

$ python3 setup.py install --prefix=/app/python/


Install certifi

$ cd certifi-2020.12.5

$ python3 setup.py install --prefix=/app/python/


Install urllib3

$ cd urllib3-1.26.3

$ python3 setup.py install --prefix=/app/python/


Install idna

$ cd idna-2.10

$ python3 setup.py install --prefix=/app/python/


Install chardet

$ cd chardet-4.0.0

$ python3 setup.py install --prefix=/app/python/


Install requests

$ cd requests-2.25.1

$ python3 setup.py install --prefix=/app/python/


Install requests_ntlm3

$ cd requests_ntlm3-6.1.3b1

$ python3 setup.py install --prefix=/app/python/


Install requests_ntlm

$ cd requests_ntlm-1.1.0

$ python3 setup.py install --prefix=/app/python/


Install xmltodict

$ cd xmltodict-0.12.0

$ python3 setup.py install --prefix=/app/python/


Install pywinrm

$ cd pywinrm2-0.0.0

$ python3 setup.py install --prefix=/app/python/


$ ansible --version

ansible 2.10.5

config file = None

configured module search path = ['/home/cipamgr/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']

ansible python module location = /app/python/lib/python3.9/site-packages/ansible_base-2.10.5-py3.9.egg/ansible

executable location = /app/python/bin/ansible

python version = 3.9.1 (default, Feb 9 2021, 00:46:54) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]


Saturday, June 6, 2020

HOW TO: Setup Beeline on linux for connecting to remote instance of Hive using Kerberos

To set up the connectivity, you have to download binaries that are required for a successful connection. These binaries can be downloaded from below links:

After downloading the tar files, extract them using below commands:

tar -xvzf hadoop-2.5.1.tar.gz
tar -xvzf apache-hive-1.2.1-bin.tar.gz

Folder Structure:
Let's say you extracted the tar files @/home/user/beeline. At this path, two new folders will get created hadoop-2.5.1 and apache-hive-1.2.1-bin.  Now also extract JRE here. Also, create two empty folders "conf" and "bin".
So your directory structure is now:


/home/user/beeline
/home/user/beeline/hadoop-2.5.1
/home/user/beeline/apache-hive-1.2.1-bin
/home/user/beeline/jre
/home/user/beeline/conf
/home/user/beeline/bin

setEnv.sh File:
Create setEnv.sh file and save it inside "bin" folder. Paste below content inside it:

export HADOOP_HOME=/home/user/beeline/hadoop-2.5.1
export HIVE_HOME=/home/user/beeline/apache-hive-1.2.1-bin
export JAVA_HOME=/home/user/beeline/jre
PATH=$PATH:$HIVE_HOME/bin:$JAVA_HOME/bin
export HADOOP_OPTS="$HADOOP_OPTS -Dsun.security.krb5.debug=true -Djava.security.krb5.conf=/home/user/beeline/conf/krb5.conf -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=/home/user/beeline/conf/jaas.conf"

jaas.conf File:

Create and save jaas.conf file under conf folder

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true;
};
krb5.conf File:

Create and save krb5.conf File under conf folder. Modify this file as per your environment.

[logging]
default = FILE:~/krb5libs.log
kdc = FILE:~/krb5kdc.log
admin_server = FILE:~/kadmind.log
kdc_rotate = {"period"=>"1d", "versions"=>200}
admin_server_rotate = {"period"=>"1d", "versions"=>201}

[libdefaults]
    default_realm = DOMAIN.COM
    dns_lookup_realm = false
    dns_lookup_kdc = false
    forwardable = true
    renew_lifetime = 30d
    ticket_lifetime = 30d
    renewable = yes
    service = yes
    kdc_timeout = 5000
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-hmac-sha1
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-hmac-sha1
    allow_weak_crypto = yes
    udp_preference_limit = 1

[realms]
  DOMAIN.COM = {
     kdc = kdcserver.domain.com:88
     default_domain  = domain.com
    }

  [domain_realm]
    .domain.com = DOMAIN.COM 
    domain.com = DOMAIN.COM

[appdefaults]
  pam = {
      debug = false
      forwardable = true
      renew_lifetime = 36000
      ticket_lifetime = 36000
      krb4_convert = false
    }

Source file & generate kerberos ticket:
source /home/user/beeline/bin/setEnv.sh
kinit -kt <Location of keytab file>/krbuser.keytab <SPN> (“krb5-workstation” rpm is required to run kinit command.)
klist (To check if ticket is generated successfully.)

Connect to Hive instance:
beeline –u “JDBC URL” 

 beeline -u "jdbc:hive2://<hive hostname>.domain.com:10000/;principal=hive/<hive hostname>.domain.com@DOMAIN.COM"


Monday, September 11, 2017

OEM 13c : Error Occurred: WebTier Could Not Be Started.


Error Message on starting OMS:

 $ ./emctl start oms

Oracle Enterprise Manager Cloud Control 13c Release 2

Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.

Starting Oracle Management Server...

WebTier Could Not Be Started.

Error Occurred: WebTier Could Not Be Started.

What does log emctl.log says?

[Thread-2] INFO  commands.BaseCommand run.605 - log4j:WARN No appenders could be found for logger (emctl.secure.oms.AdminCredsWalletUtil).

[Thread-2] INFO  commands.BaseCommand run.605 - log4j:WARN Please initialize the log4j system properly.

[Thread-1] INFO  commands.BaseCommand run.605 - Failed to get passwords from credential store

[Thread-1] INFO  commands.BaseCommand run.605 - Exception:  java.io.IOException  value:  java.io.IOException

 What is the health or status of emkey?
$ ./emctl status emkey

Oracle Enterprise Manager Cloud Control 13c Release 2

Copyright (c) 1996, 2016 Oracle Corporation.  All rights reserved.

Enter Enterprise Manager Root (SYSMAN) Password :

Error occurred. Check the log /app/oracle/gc_inst/em/EMGC_OMS1/sysman/log/secure.log

Hmm emkey health not good. What does secure.log says now?

Caused by: java.lang.SecurityException: The jurisdiction policy files are not signed by a trusted signer!

        at javax.crypto.JarVerifier.verifyPolicySigned(JarVerifier.java:292)

        at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:317)

        at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:262)

What does this error message suggest?

jurisdiction policy files” suggest something wrong with Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File.

What to do?

First check the java version, then download and copy the policy file accordingly.
$ $JDK_HOME/bin/java -version
java version "1.7.0_111"
Java(TM) SE Runtime Environment (build 1.7.0_111-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.111-b13, mixed mode)



and then copy below jars

US_export_policy.jar
local_policy.jar

to $JDK_HOME/jre/lib/security

 

Restart OMS Server
./emctl start OMS

 

Monday, April 4, 2016

Connect to MS SQL Database from Weblogic using Domain ID

MS SQL Database can be accessed using user domain id through Oracle Weblogic Server data source. This can be achieved using open source MS SQL driver JTDS. It can be downloaded from https://sourceforge.net/projects/jtds/files/jtds.

PRE-CONFIGURATION STEPS:-

  • Download the open source JDBC driver for Microsoft SQL Server.
  • Unzip the jtds-1.3.1-dist.zip 
  • Copy jtds-1.3.1.jar to $DOMAIN_HOME/lib
  • Restart the servers
CONFIGURATION STEPS:-

  • Click on "Lock & Edit" under "Change Center"
  • On the Home Page, Click on "Data Source" under "Services"
  • Under "Configuration" tab, Click on "New", select "Generic Data Source". Give the Name & JNDI Name.For Database Type. Select "MS SQL Server".Click "Next"
 
  • Select "Other" for "Database Driver"
    Click "Next"

  • Select the "Transaction Options"
    Click "Next"
  • Provide "Database User Name" & "Password"
    Click "Next"

  • Driver Class Name: net.sourceforge.jtds.jdbc.Driver
    URL: jdbc:jtds:sqlserver://mysqldb.mycompany.com:1433/DB_NAME;domain=MYCOMPANY;USENTLMV2=TRUE
    Click on "Test Configuration"
    Click "Next"

  • Select Targets
    Click "Finish"