DELETING A CORRUPT PLANNING APPLICATION FROM EPM REGISTRY

A planning application, when it goes corrupt/missing,  can cause a lot of angst. This is one of those occasions where one can truly appreciate the beauty of the epmregistry utility.

We can invoke this utility from this location
MIDDLEWARE_HOME\user_projects\instance_name\bin directory  

In order to first begin , generate a registry report the output can be viewed in the diagnostics/reports directory.

Firstly proceed to delete the instance :

Delete Instance File
epmsys_registry removefile PLANNING_PRODUCT/@APPLICATIONNAME.instance

Now, get to the planning application:

Delete PLANNING  application
epmsys_registry deletecomponent #APPLICATIONNAME.HP

Post this , it should be a relatively straight forward approach of recreating the planning application .The best part about using this method is that you are able to give the application the same name post corruption. Not sure if that would have been possible in earlier releases.

How to deal with cwallet.sso corruption for EAS Service

I recently faced an issue with an EAS service which failed to startup properly. The eas_sysout.log was full of error messages like what is shown below:

Caused By: oracle.security.jps.service.credstore.CredStoreException: JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: PKI-02002: Unable to open the wallet. Check password. 
at oracle.security.jps.internal.credstore.ssp.CsfWalletManager.openWallet(CsfWalletManager.java:184)
at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.doInit(SspCredentialStore.java:239)
at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.(SspCredentialStore.java:153)
at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.(SspCredentialStore.java:139)
at oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider.getInstance(SspCredentialStoreProvider.java:115)
Truncated. see log file for complete stacktrace

This indicates a corruption of the cwallet.sso file . The reasons behind the corruption of the file could be anything.  We should check for permissions and what kind of access is present on the file and the folder containing the file. Typically, Administrators must have ‘full control’ on the file and the folder. If that is set right and the service still doesn’t start up, look up the size difference of the cwallet.sso  in the

MIDDLEWARE_HOME\user_projects\domains\domainname\config\fmwconfig  and the bootstrap folder . If there is a difference, obviously something is wrong in the file present in the fmwconfig. Rename and replace with the file in the bootstrap folder and try and start up the service. If it still errors out, Consider this alternative:

Create a new location for the cwallet.sso that the EAS is going to use: EPM_ORACLE_HOME\products\Essbase\eas\server.

The KM article 1447461.1 , provides a detailed step by step account of how to achieve this.

Follow the steps indicated in that article and grant full permissions on the cwallet.sso regenerated once the service is started up. That should help in resolving the issue. 

How to sync time across servers

I cannot stress enough on the importance of the need for all the servers in the Hyperion stack to be in sync.

In any traditional setup one will mostly see , a database server , all hyperion application servers, a server for programs to pull/push data from/to hyperion systems.

If any of these servers are out of sync in time due to ACL issues or networks issues , the impact is felt widely on the Hyperion side of things.  Just to sight a few examples, Users could face issues logging into the system or programs that run on hyperion might not run at the intended time or even produce erroneous results depending on the nature of the program. 

I am about to cover how to achieve a sync of time data with the NTP Server. 

On Windows operating system , the w32time utility proves very effective in achieving the same. 

net stop w32time

w32tm /config /syncfromflags:manual /manualpeerlist:"NTP.SERVER.COM"

w32tm /config /reliable:yes

net start w32time

w32tm /query /configuration

How to Renew SSL Certificate using Oracle HTTP Server Wallet Manager

In my current setup I have an SSL Certificate valid for a year and every year it requires renewal of the certificate.There are a couple of good KMs on metalink that can be followed to carry this out. Some of them that serve as a good starting point are:

Doc ID 1530169.1
Doc ID 317405.1
Doc ID 1391487.1 

I am going to mention briefly what I had to do to achieve this in my environment:

1. Login to the Wallet Manager and Wallet-> Open . You will be prompted with the 'default directory does not exist . Would you like to continue?' . Select 'Yes' and navigate to the location of the wallet and type in the password.

2. Inside the wallet tree, Right click and "Add Certificate Request" . Enter the details for the certificate for which extension is required and Save it. Export the CSR using "Export User Certificate" option.

3. Send the CSR to your security admin and once it is signed and sent back, "Import User Certificate" and this should take care of the part.
Note- In some cases, you might encounter an error because the intermdiate and the root certificate are not present.  These will need to be imported prior to importing the user certificate. 
Save your wallet at this stage.

4. Move on to the certificate that is about to expire and  Remove that user Certificate and Save your wallet. Restart OHS at the end of everything. 

These should help you in effectively renewing the certificate.