OPMN FAILED TO
START (unexpected
exit: status 4200)
After Applying
OCTOBER 2019 CPU PATCH ON EBS R12 SYSTEM.
When we try to
bring up the services.
Error on starting
opmn services
opmnctl
startall
opmnctl startall: starting opmn and all managed processes...
[2019-11-21T21:25:37-08:00] [opmn] [ERROR:1] [] [internal] /u01/**/appl**/fs2/FMW_Home/webtier/opmn/bin/opmn: unexpected exit: status 4200
opmnctl startall: opmn failed to start.
opmnctl startall: starting opmn and all managed processes...
[2019-11-21T21:25:37-08:00] [opmn] [ERROR:1] [] [internal] /u01/**/appl**/fs2/FMW_Home/webtier/opmn/bin/opmn: unexpected exit: status 4200
opmnctl startall: opmn failed to start.
For solution
followed the steps as suggested.
Additional Steps
to Configure OHS/OPMN 11.1.1.9 Components for Oracle E-Business Suite Release
12.2 After Applying the July 2019 and Later FMW Security Patch(Doc ID 2555355.1)
SOLUTION
Source ENV
2. Set an alias for the correct orapki.
alias orapki=$FMW_HOME/oracle_common/bin/orapki
Verify using which orakpi
3. Create a new wallet with an acceptable self-signed certificate in $HOME/ss(You can use any location. Preferred is $HOME/ss).
Eg:
$ mkdir ~/ss
$ cd ~/ss
$ orapki wallet create -wallet . -auto_login_only
$ orapki wallet add -wallet . -dn "CN=FMWSmallCircleOfTrust" -asym_alg RSA -keysize 2048 -sign_alg sha256 -self_signed -validity 3652 -auto_login_only
$ orapki wallet display -wallet .
4. Go to the instance directory.
$ cd $FMW_HOME/webtier/instances/$iName
5. Find the default wallets used by this instance.
Eg:
$ find . -name cwallet.sso
./config/OPMN/opmn/wallet/cwallet.sso
./config/OHS/EBS_web/proxy-wallet/cwallet.sso
./config/OHS/EBS_web/keystores/default/cwallet.sso
6. Verify that each wallet only contains the self-signed certificate.
$ find . -name cwallet.sso | while read w ;do echo -e "\n$w"; orapki wallet display -nologo -wallet $w ;done
If it is a default wallet, each wallet should list one "User Certificate" and an identical "Trusted Certificate", as shown in the following example:
$./config/OPMN/opmn/wallet/cwallet.sso
Requested Certificates:
User Certificates:
Subject: CN=Self-Signed Certificate for EBS_web_OHS1\20,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US
Trusted Certificates:
Subject: CN=Self-Signed Certificate for EBS_web_OHS1\20,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US
7. Copy the new SHA-256 signed wallet to all default wallet locations.
$ find . -name cwallet.sso | while read w ; do echo $w; cp -p ~/ss/cwallet.sso $w ; done
This avoids modifying the OPMN and OHS configuration files to point to a different wallet (or wallet directory).
With the new wallet in place, OPMN and OHS should be able to start.
You can use adopmnctl.sh start ;
2. Set an alias for the correct orapki.
alias orapki=$FMW_HOME/oracle_common/bin/orapki
Verify using which orakpi
3. Create a new wallet with an acceptable self-signed certificate in $HOME/ss(You can use any location. Preferred is $HOME/ss).
Eg:
$ mkdir ~/ss
$ cd ~/ss
$ orapki wallet create -wallet . -auto_login_only
$ orapki wallet add -wallet . -dn "CN=FMWSmallCircleOfTrust" -asym_alg RSA -keysize 2048 -sign_alg sha256 -self_signed -validity 3652 -auto_login_only
$ orapki wallet display -wallet .
4. Go to the instance directory.
$ cd $FMW_HOME/webtier/instances/$iName
5. Find the default wallets used by this instance.
Eg:
$ find . -name cwallet.sso
./config/OPMN/opmn/wallet/cwallet.sso
./config/OHS/EBS_web/proxy-wallet/cwallet.sso
./config/OHS/EBS_web/keystores/default/cwallet.sso
6. Verify that each wallet only contains the self-signed certificate.
$ find . -name cwallet.sso | while read w ;do echo -e "\n$w"; orapki wallet display -nologo -wallet $w ;done
If it is a default wallet, each wallet should list one "User Certificate" and an identical "Trusted Certificate", as shown in the following example:
$./config/OPMN/opmn/wallet/cwallet.sso
Requested Certificates:
User Certificates:
Subject: CN=Self-Signed Certificate for EBS_web_OHS1\20,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US
Trusted Certificates:
Subject: CN=Self-Signed Certificate for EBS_web_OHS1\20,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US
7. Copy the new SHA-256 signed wallet to all default wallet locations.
$ find . -name cwallet.sso | while read w ; do echo $w; cp -p ~/ss/cwallet.sso $w ; done
This avoids modifying the OPMN and OHS configuration files to point to a different wallet (or wallet directory).
With the new wallet in place, OPMN and OHS should be able to start.
You can use adopmnctl.sh start ;
adapcctl.sh start to verify startup of just OPMN and OHS.
Alternatively, you can run adstrtal.sh to attempt to start
everything simultaneously.
5. Retest the issue.
5. Retest the issue.
Services are up and running.