Installing WCC with the latest patches may result in a broken enterprise manager.

On my travels down the WCC projects I have encountered a new and interesting item I wanted to share with you.

I helped a customer do an installation of WebCenter Content 12.2.1.4 and obvious I had them apply all the latest bundle patches for Fusion MiddleWare and WCC.

This is the list of the OPatches we installed:

Product	Patchnr	Remarks
OPatch	28186730	Make sure to download the version for opatch 13.9.4.2.11
WLS	34883826	for log4j exploit fix
WCC	34781126	Latest WCC Bundle patch January 2023
Coherence	34845927	Not strictly used but needed to fix start-up issues
OHS	34840613

First important remark here: if you want to install the latest PSU patches for Fusion Middleware and WCC, you first need to upgrade OPatch itself. So start with patch 28186730n before you do anything else.

All the patches installed just fine and everything looked perfectly OK when we created the WCC domain, but when we tried to access the enterprise manager (server:7001/em) it wasn't there.

So we searched the logs and found a message saying:  

<Feb 28, 2023 12:12:53,630 PM CET> <Error> <Deployer> <BEA-149231> <Unable to set the activation state to true for the application "em">

Looking at the rest of the trace, there is an indication that EM was not able to load due to a missing log4j library. 

As it turns out, there is something missing. With the serious exploit that got out last year, everybody scrambled to close the breach as fast as possible. Turns out that this can lead to the situation I was in. The Fusion MiddleWare layer is correctly patched, but some of the basic underlying WebLogic core server stuff still has references to log4j. 

Fortunately, the fix is easy and straightforward to apply. Simply turn to the Oracle support site and download the following patch: 34542329. Apply this patch using opatch restart the entire stack and everything will be running normally.

Installing WCC 12.2.1.4 on OCI cloud with 19c Autonomous Database

 

At first I was convinced that this was going to be a easy install, after all, Oracle on Oracle on Oracle? Should be just fine right. Turns out that it does work quite well, provided you take care to do some specific steps and that you use the correct information.

The procedure below is for you typical single node development environment, but for bigger installs you can basically do the same thing, except for creating multiple OCI instances to run WCC on.

 

Step 1: OCI machine.

Start by making an OCI Instance. Pick the right size of image to run the load you want to handle, but here is a first precaution, when you pick the shape and it’s sizing, do not select the Ampere shapes. The Middleware base installers will fail on these shapes.

Make sure that you note down the IP addresses that have been assigned to the machine.

On the OCI instance, to make your life easy, make sure that as root you install the necessary OS level stuff.

sudo -i -u root

dnf groupinstall "Server with GUI"

yum -y install oracle-database-preinstall-19c

yum install jdk1.8.x86_64

 

Doing the groupinstall of “Server with GUI” will allow you to have everything that you can possibly need to be able to run the installer with the graphical interface. You will need this amongst others to run RCU. Once you have this, use your preferred tooling to set up X11 forwarding over SSL.

Do not forget to create a user to install and run like for example “oracle”.

 

Step 2: Database.

Provision your Autonomous Database.

I suggest you choose the “Data Warehouse” as workload type. When setting up the DB, make sure that you set the following correctly:

-          Character set:  AL32UTF8

-          National character set:  AL16UTF16

For the network connection choose the Access type: “Allow secure access from specified IPs and VCNs”

Note that you do not have the typical “sys” user in this case. The administration user is ADMIN. Set a password for the user, following the provided guidelines.

For the instance name, choose something that makes sense to you like wccdb.

Once you DB is provisioned and running, there is 1 more step to do, to avoid issues later on in the procedure.

-          From the “More Actions” menu select “Update Network Access”

-          Use the “+ Access Control Rule” to add a rule:

o   IP Address based

o   As IP’s add a comma-separate list of the private IP address(es) of your WCC OCI instance(s)

o   Don’t forget to click the “Update” button.

 

Step 3: Base installation.

Now proceed with the base installation of the Middleware home and the WCC shiphome. Only use the 12.2.1.4 installation sources. Older version will not work.

Once these base installs are done I suggest that you apply all the necessary patches at once before continuing. At the time of this article, we are at WCC Bundle patch 2022-10 so that is the one that is included. You can select a newer one if it is available.

You need to start of by installing patch 6880880 to update opatch itself to a newer version. If you do not do this, the installation of some of the patches will fail.

Here is the list of patches you should install:

•  p33591019: Coherence
•  p33727616: Weblogic infrastructure bundle patch
•  p34487690: WCC bundle patch October 2022
• p30540494: patch for rcu connection issues to Autonomous
• p30754186: patch for rcu connection issues to Autonomous
• p31676526: patch for rcu connection issues to Autonomous

Download all these patches to a directory on the server and manually apply them 1 by one, or use the automated installation by using the napply syntax for opatch

${ORACLE_HOME}/OPatch/opatch napply -id 33727616,1221412,34487690,30540494,30754186,31676526  -silent

Step 4: Update ojdbc.

In $ORACLE_HOME/oracle_common/modules/oracle.jdbc you will find the ojdbc.jar. but the version that you will find there is too old to work correctly with Autonomous.

Download the latest driver from https://www.oracle.com/be/database/technologies/appdev/jdbc-downloads.html

What you are looking for is the ojdbc8-full.tar.gz file for Oracle Database 19c. Download this to EVERY OCI instance where you want to run WCC. Unzip the download, extract the files for the tar archive and make sure to copy all the file in the archive to the $ORACLE_HOME/oracle_common/modules/oracle.jdbc directory. 

 

Step 5: Connection Wallet

For the following steps I will assume that you have created the user oracle with a home directory set to /home/oracle.

In your cloud control environment, surf to the Autonomous DB instance that you have created.

Click on the “DB Connection” button:

This will show you a screen with the connection information.

Make sure “Instance Wallet” is selected and click the Download button.

This will download a file called Wallet_wccdb.zip to your laptop. Upload this file to the WCC server(s) and unzip the files into the directory /home/oracle/wallet (this can be elsewhere but make sure to persist with all the changes correctly.

You will need to update some files to reflect the directory where you have placed the files:

Edit sqlnet.ora and make sure that the TNS_ADMIN is set correctly. In our sample the contents of this file will be:

WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY="/home/oracle/wallet/")))

SSL_SERVER_DN_MATCH=yes

Edit ojdbc.properties. Add the end of the file, add the following line:

SSL_SERVER_DN_MATCH=yes

Step 6: RCU

You are now ready to create your schema’s for WCC. And this is where things will go wrong if you have skipped any of the steps above.

We just need to do a few more step regarding RCU itself before starting.

First go to the following directory: $ORACLE_HOME/oracle_common/rcu/config

Edit the file rcu.properties. At the end of the file, add the following line:

WALLET_DIR=/home/oracle/wallet

 

Finally set the following shell variables before launching rcu:

export RCU_SSL_MODE=true

export TNS_ADMIN=/home/oracle/wallet

 

Now you can start RCU. You just need to take into account that the connection to the DB will be different than what you are used to.

Select the option to manually enter the connection string. This will allow you to use the TNS configuration we have prepared in the previous step

The connection string you will use is:

jdbc:oracle:thin:@wccdb_medium?TNS_ADMIN=/home/oracle/wallet/

The actual TNS name you select depends on the service you want to get on the DB. For production environment you will want to use wccdb_high, but for development systems wccdb_medium should be more that sufficient.

As user you select “ADMIN” combined with the password you choose while provisioning the DB. Note that the role is “Normal”

Proceed as you would normally do with RCU. Along the way you will get a number of warnings. You can ignore them. First warning will be that the DB version is too recent. The second warning that will show several times is that the insufficient privileges warning. Just ignore it every time.

RCU will successfully create the necessary schema’s for your WCC installation.

 

Step 7: Create you WCC domain.

You can now create you WCC domain just like you would always do it. The only difference is once again when you come to the part where you define the connection to the database.

Exactly like you did with RCU, select to manually enter the connection URL and use the same connection string as for RCU:

jdbc:oracle:thin:@wccdb_medium?TNS_ADMIN=/home/oracle/wallet/

 The installer will read the _STB schema to fetch the info on the schema’s and from that point onwards, you can continue the normal WCC domain creation procedure.