opmn fails to start with "unexpected exit: status 4200"


Error: 

opmnctl startall: starting opmn and all managed processes... 
[opmn] [ERROR:1] [] [internal] /xxx/fs1/FMW_Home/webtier/opmn/bin/opmn: unexpected exit: status 4200 
opmnctl startall: opmn failed to start. 


Reason:
An FMW security patch was applied.

Solution: 

1) Log in as the user that owns the application tier installation, then source the run file system environment and the $FMW_HOME/SetWebtier.env file.
$ source <EBS base install directory>/EBSapps.env run 
$ source $FMW_HOME/SetWebtier.env 

2) Set an alias for the correct orapki. 
$ alias orapki=$FMW_HOME/oracle_common/bin/orapki 

3) Create a new wallet with an acceptable self-signed certificate in $HOME/ss. For example: 
 

$ mkdir ~/ss 
$ cd ~/ss 
$ orapki wallet create -wallet ./ -auto_login_only 
$ orapki wallet add -wallet . -dn "CN=FMWSmallCircleOfTrust" -asym_alg RSA -keysize 2048 -sign_alg sha256 -self_signed -validity 3652 -auto_login_only 
$ orapki wallet display -wallet . 

The last command (orapki wallet display -wallet .) allows you to verify that the wallet was properly created. 

4) Find the instanceName of this environment and save it in a shell variable for later use. The first command prints the value (EBS_web_OHS1 in this example); the second stores it in iName.

$ tr < $CONTEXT_FILE '<>' '  ' | awk '/"s_ohs_instance"/ {print $(NF-1)}'
EBS_web_OHS1
$ iName=$(tr < $CONTEXT_FILE '<>' '  ' | awk '/"s_ohs_instance"/ {print $(NF-1)}' )

5) Go to the instance directory. 
$ cd $FMW_HOME/webtier/instances/$iName 

Find the default wallets used by this instance. 
$ find . -name cwallet.sso | fgrep -v /webgate/ 
./config/OPMN/opmn/wallet/cwallet.sso 
./config/OHS/EBS_web/proxy-wallet/cwallet.sso 
./config/OHS/EBS_web/keystores/default/cwallet.sso 

6) Verify that each wallet only contains the self-signed certificate. 
$ find . -name cwallet.sso | fgrep -v /webgate/ | while read -r w ; do echo -e "\n$w"; orapki wallet display -nologo -wallet "$w" ; done

If it is a default wallet, each wallet should list one "User Certificate" and an identical "Trusted Certificate", as shown in the following example: 
./config/OPMN/opmn/wallet/cwallet.sso 
Requested Certificates: 
User Certificates: 
Subject: CN=Self-Signed Certificate for EBS_web_OHS1\20,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US 
Trusted Certificates: 
Subject: CN=Self-Signed Certificate for EBS_web_OHS1\20,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US 

Note: If a wallet is not a default wallet, make a backup copy of that wallet before proceeding, because the copy in step 7 overwrites every wallet that the find command returns.

7) Copy the new SHA-256 signed wallet to all default wallet locations. 
$ find . -name cwallet.sso | fgrep -v /webgate/ | while read -r w ; do echo "$w"; cp -p ~/ss/cwallet.sso "$w" ; done

You have now copied the new self-signed wallet to the default locations in the run file system. This avoids modifying the OPMN and OHS configuration files to point to a different wallet (or wallet directory). 
 

8) Prepare to make the changes to the patch file system by modifying adop_sync.drv located under $APPL_TOP_NE/ad/custom to include the following: 
 
#Oracle HTTP Server Wallet - cwallet.sso 
rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/keystores/default/cwallet.sso %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/keystores/default/cwallet.sso 
#OPMN Wallet - cwallet.sso 
rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OPMN/opmn/wallet/cwallet.sso %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OPMN/opmn/wallet/cwallet.sso 
rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/proxy-wallet/cwallet.sso %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/proxy-wallet/cwallet.sso 

The changes will be propagated to the patch file system when you perform the steps in Section 4 during the prepare phase (adop phase=prepare) of online patching and will take effect after a successful cutover (adop phase=cutover). 
 
After this procedure is complete, do not remove or alter the updated adop_sync.drv file. 

9) Re-register OHS if required. 

Obtain the host, port, and user name variables for WLS Admin from CONTEXT_FILE: 
 

$ aHost=$( tr < $CONTEXT_FILE '<>' '  ' | awk '/"s_wls_admin_host"/ {print $(NF-1)}' ) 
$ aPort=$( tr < $CONTEXT_FILE '<>' '  ' | awk '/"s_wls_adminport"/ {print $(NF-1)}' ) 
$ aUser=$( tr < $CONTEXT_FILE '<>' '  ' | awk '/"s_wls_admin_user"/ {print $(NF-1)}' ) 

Re-register OHS using the following commands: 
$ cd $FMW_HOME/webtier/instances/$iName/bin 
$ ./opmnctl unregisterinstance -adminHost $aHost -adminPort $aPort -adminUsername $aUser -instanceName $iName 
$ ./opmnctl registerinstance -adminHost $aHost -adminPort $aPort -adminUsername $aUser 
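
The check in step 6 can be scripted so that a non-default wallet is caught before step 7 overwrites it. The following is an added example, not part of the original post: it parses orapki wallet display output in the layout shown in step 6 and reports "default" (one User Certificate with an identical Trusted Certificate) or "custom". The function name classify_wallet and both sample listings are constructed for illustration; the second listing uses hypothetical certificate names.

```shell
# Added example: classify `orapki wallet display -nologo` output read on stdin.
# Prints "default" when there is exactly one User Certificate and exactly one
# Trusted Certificate with the same Subject; prints "custom" in every other case.
classify_wallet() {
  awk '
    /^[ \t]*Requested Certificates:/ { sec = "req";   next }
    /^[ \t]*User Certificates:/      { sec = "user";  next }
    /^[ \t]*Trusted Certificates:/   { sec = "trust"; next }
    /^[ \t]*Subject:/ {
      s = $0
      sub(/^[ \t]*Subject:[ \t]*/, "", s)   # drop the label
      sub(/[ \t\r]+$/, "", s)               # drop trailing whitespace
      if (sec == "user")  { nuser++;  usubj = s }
      if (sec == "trust") { ntrust++; tsubj = s }
    }
    END {
      if (nuser == 1 && ntrust == 1 && usubj == tsubj)
        print "default"
      else
        print "custom"
    }'
}

# Constructed sample: the default-wallet listing shown in step 6.
sample_default() {
  cat <<'EOF'
Requested Certificates:
User Certificates:
Subject: CN=Self-Signed Certificate for EBS_web_OHS1\20,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US
Trusted Certificates:
Subject: CN=Self-Signed Certificate for EBS_web_OHS1\20,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US
EOF
}

# Constructed sample: a wallet holding a CA-issued certificate (hypothetical names).
sample_custom() {
  cat <<'EOF'
Requested Certificates:
User Certificates:
Subject: CN=ebs.example.com,O=Example Corp,C=US
Trusted Certificates:
Subject: CN=Example Root CA,O=Example Corp,C=US
EOF
}

printf 'default sample -> %s\n' "$(sample_default | classify_wallet)"
printf 'custom sample  -> %s\n' "$(sample_custom | classify_wallet)"
```

On a real instance, pipe the orapki wallet display command from the step 6 loop into classify_wallet and back up any wallet reported as "custom" before running step 7.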



