Managing Enterprise Deployments 20-41 Solution Use an alternative such as TCP or the LDAP protocol itself. Also, monitoring the LDAP non-SSL port is sufficient to detect LDAP availability. Problem The SSOLDAP Application connection is lost to Oracle Internet Directory server Solution Verify the load balancing router timeout and SSOApplication timeout configuration parameter. The SSOLDAP application timeout value should be less than LBR IDLE time out. Problem The LDAP application is receiving LDAP Error 53 DSA Unwilling to Perform. When one of the database nodes goes down during the middle of the LDAP transaction, the Oracle Internet Directory server sends error 53 to the LDAP client Solution To see why the Oracle Internet Directory database node went down, see the Oracle Internet Directory logs in this location: ORACLE_INSTANCE diagnosticslogsOIDoidldapd01s.log Problem Issues involving TNSNAMES.ORA, TAF configuration, and related issues. Solution See the Oracle Database High Availability Overview manual.

20.6.2 Troubleshooting Oracle Virtual Directory

This section describes some common problems that can arise with Oracle Virtual Directory and the actions you can take to resolve the problem: Problem You get a command not found error when you run SSLServerConfig.sh, for example: .SSLServerConfig.sh: line 169: 20110520125611: command not found Solution Edit the file orapki.bat on Windows or orapki.sh on Linux and remove any blank lines at the end of the file. Save the file and run SSLServerConfig.sh again. Problem Oracle Virtual Directory is not responsive. When the load balancing router is configured to send an ICMP message to the LDAP SSL port for monitoring, the Oracle Virtual Directory server starting SSL negotiation sometimes hangs, and thus it is required that the load balancing router not use ICMP messages for monitoring the LDAP SSL port. 20-42 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management Solution Use an alternative such as TCP or the LDAP protocol itself. Also, monitoring the LDAP non-SSL port is sufficient to detect LDAP availability. Problem The SSOLDAP Application connection is lost to the Oracle Virtual Directory server. Solution Verify the load balancing router timeout and SSOApplication timeout configuration parameter. The SSOLDAP application timeout value should be less than LBR IDLE time out. Problem Issues involving TNSNAMES.ORA, TAF configuration, and related issues. Solution See the Oracle Database High Availability Overview manual. Problem When you run SSLServerConfig.sh for component OVD, sometime it fails with an error similar to this: Enter password for weblogic: Enter your keystore name [ovdks1.jks]: Checking the existence of ovdks1.jks in the OVD... Failed to configure your SSL server wallet Please check scratchaime1edgfaidmrootCAkeystoresovdks_check.log for more information In the log file, you see an error message like this: Problem invoking WLST - Traceback innermost last: File scratchaime1edgfaidmrootCAkeystoresovdovdssl-check.py, line 8, in ? File iostream, line 182, in cd File iostream, line 1848, in raiseWLSTException WLSTException: Error occured while performing cd : Attribute oracle.as.ovd:type=component.listenersconfig.sslconfig,name=LDAP SSL Endpoint,instance=ovd_inst1,component=ovd1 not found. Use lsa to view the attributes Solution The problem is intermittent.To work around the issue, re-run the script.

20.6.3 Troubleshooting Oracle Directory Integration Platform