Tuesday Jun 05, 2012

OBIEE or above: Admin Server unavailability is not impacting OBIEE tasks

Applies To:,

Admin Server unavailability does not impact OBIEE tasks. Setting the virtualize tag to true (in EM) to manage multiple LDAP providers enables failover and HA for authentication and authorization inside OBIEE. The following test cases were used to test the impact on OBIEE when the Admin Server is not available:


a. Test 1: Admin Server crashes and impact on OBIEE

Scenario: All OBIEE components are up and running.

b. Test 2: Admin Server had not been started and impact on OBIEE.

Scenario: OBIEE Server bi_server1 is started, but Admin Server isn’t

For more details on each of the above tests, click here to download the Test Results

Links to Official documentations below:  




Monday May 07, 2012

OBIEE 11.1.1 - Increase Timeouts in Oracle HTTP Server (OHS) plug-in (mod_wl_ohs.conf)

If you see a "Failure of server APACHE bridge" error when trying to open a large BIP report, the cause is that the timeout parameters defined in your current Oracle HTTP Server (OHS) plug-in file are being reached. These parameters set the amount of time the plug-in waits for a response to a request from WebLogic Server.

For each <Location> section in the OHS file mod_wl_ohs.conf, set the timeouts, for example:

<Location /analytics>
      SetHandler weblogic-handler
      WebLogicCluster <servername>:9704
      WLIOTimeoutSecs 6000
      WLSocketTimeoutSecs 600
</Location>

# BI Publisher
<Location /xmlpserver>
      SetHandler weblogic-handler
      WebLogicCluster <servername>:9704
      WLIOTimeoutSecs 6000
      WLSocketTimeoutSecs 600
</Location>


Wednesday Apr 18, 2012

OBIEE 11.1.1 - Web catalog upgrade from 10g to 11g corrupted some user permissions

Web catalog upgrade from 10G to or or corrupted some user permissions; this may cause slow user login times and slowness in accessing the dashboard.


  • Clean up the Web catalog via instanceconfig.xml using the steps documented in "Validating the Catalog" in the System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.
  • Use Runcat command-line commands to clean up all permissions that appear to be invalid.

Tip: It is recommended to run all above tasks each & every time content is delivered from a development environment into the production environment (e.g. weekly), as part of the OBIEE administrator's regular backup & maintenance of the catalog.


Wednesday Apr 04, 2012

OBIEE - Import Metadata from Oracle Database is not working with BI Client installer

BI Client installer (version does not install Oracle Database Client. Therefore, for BI Admin tool client installations, the Oracle DB Client (11gR2) must also be installed separately on the same Windows machine.

Tip: If you install the BI Client 32-bit version, make sure to install the Oracle Database Client 32-bit version. Likewise, if you install the BI Client 64-bit version, make sure to install the Oracle Database Client 64-bit version.

Thursday Mar 08, 2012

OBIEE 11.1.1 - BI Office Intermittent Timeout Errors

In OBIEE releases /, if the BI Office Server is configured to connect to Presentation Services through Oracle HTTP Server (OHS), then you might see intermittent error messages that are caused by the timeout of a request. To work around this issue, increase the Keepalive timeout to 50 or more.

Reference: http://docs.oracle.com/cd/E23943_01/relnotes.htm 

Tuesday Feb 28, 2012

OBIEE 11.1.1 - IBM JDK Tuning for WebLogic 11G under AIX 6.x

Modify setOBIDomainEnv.sh:

Each set of lines like:
        if [ "${JAVA_VENDOR}" = "IBM" ] ; then
                # 64-bit IBM JVM is the only JVM supported for AIX
                # assume to always use Managed server memory args for 64-bit IBM JVM
                SERVER_MEM_ARGS="-Xms2048m -Xmx2048m -Xmns512m -Xmnx512m -Xss2m -Xrs -Xgcpolicy:gencon -Xverify:none"
                export SERVER_MEM_ARGS

    -Xms<size>        set initial Java heap size
    -Xmx<size>        set maximum Java heap size
    -Xss<size>        set Java thread stack size
    -Xrs              reduce use of OS signals by Java/VM (see documentation)

    -Xmns<size>
      Sets the initial size of the new (nursery) heap to the specified value when using -Xgcpolicy:gencon. By default, this option is selected internally according to your system's capability. This option will return an error if you try to use it with -Xmn.
    -Xmnx<size>
      Sets the maximum size of the new (nursery) heap to the specified value when using -Xgcpolicy:gencon. By default, this option is selected internally according to your system's capability. This option will return an error if you try to use it with -Xmn.
    -Xverify
      With no parameters, enables the verifier. Note that this is the default; used on its own, this option has no effect. The -Xverify:none setting in SERVER_MEM_ARGS above turns the verifier off.

Additional parameters to review:

You can force the JVM to use large pages, which is more efficient memory management.
Java VM command line option: -Xlp64K

You should also consider using larger pages.
PPC64 supports 4K (default) and 16M pages (although this is likely to speed things up but unlikely to solve your heap problem...)
General info for AIX and PPC:
Java VM command line:
"AIX: Requests the JVM to allocate the Java heap (the heap from which Java objects are allocated) with large (16 M) pages, if a size is not specified. If large pages are not available, the Java heap is allocated with the next smaller page size that is supported by the system. AIX requires special configuration to enable large pages.

For more information about configuring AIX support for large pages, see http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/large_page_ovw.htm.
The SDK supports the use of large pages only to back the Java heap shared memory segments. The JVM uses shmget() with the SHM_LGPG and SHM_PIN flags to allocate large pages. The -Xlp option replaces the environment variable IBM_JAVA_LARGE_PAGE_SIZE, which is now ignored if set.
AIX, Linux, and Windows only: If a <size> is specified, the JVM attempts to allocate the JIT code cache memory using pages of that size. If unsuccessful, or if executable pages of that size are not supported, the JIT code cache memory is allocated using the smallest available executable page size."

You should also turn on verbose gc.
Java VM command line option: -verbose:gc

Consider some of the following Java VM command line options (some are IBM VM specific):
- -Xgcpolicy:subpool "Uses an improved object allocation algorithm to achieve better performance when allocating objects on the heap. This option might improve performance on large SMP systems."
- -Xcompressedrefs "Use -Xcompressedrefs in any of these situations: When your Java application does not need more than a 25 GB Java heap. When your application uses a lot of native memory and needs the JVM to run in a small footprint."
- -Xcompactexplicitgc "Enables full compaction each time System.gc() is called."
- -Xcompactgc "Compacts on all garbage collections (system and global). The default (no compaction option specified) makes the GC compact based on a series of triggers that attempt to compact only when it is beneficial to the future performance of the JVM."
- -Xsoftrefthreshold<number> "Sets the value used by the GC to determine the number of GCs after which a soft reference is cleared if its referent has not been marked. The default is 32, meaning that the soft reference is cleared after 32 * (percentage of free heap space) GC cycles where its referent was not marked." Reducing this will clear out soft references sooner. If any soft reference-based caching is being used, cache hits will go down but memory will be freed up faster. But this will not directly solve your OOM problem: "All soft references are guaranteed to have been cleared before the OutOfMemoryError is thrown."

OBIEE 11.1.1 - How to use OBIEE Impersonate parameter for quick checks

If you quickly need to check a user permission issue, you can use the Impersonate parameter on the URL. However, you have to issue two requests to get a report; you cannot do this in a single URL:

Impersonation is "atomic" with authentication. It's not a "request" level parameter. You have to authenticate in "impersonated mode":




Also, you need to make sure that the user "YourAdministrator" has the right permissions in 11g: oracle.bi.server.impersonateUser and possibly oracle.bi.server.queryUserPopulation

Monday Feb 20, 2012

OBIEE 11.1.1 - After complete system restarts, getting “Error 404 – Not Found” when accessing OBIEE URL

If you get “Error 404 – Not Found” when accessing the OBIEE URL, i.e. https://<server>:9704/analytics, check whether the "analytics" deployment in WebLogic Server is in Active state in the console > Deployments. If not, start the deployment.

Sunday Feb 19, 2012

OBIEE 11.1.1 - How to turn off EM centralized control

There is a flag in the central config file which can be used to turn off all of the EM central configuration. It is in user_projects\domains\bifoundation_domain\config\fmwconfig\biee-domain.xml. The flag is near the top; it says: centralConfigurationEnabled="true" . If you change this to "false", then none of the config files will be modified centrally.

(You will need to restart the managed server and BI System Components)

Important Note: Turning off EM centralized control for managing BI config files is NOT recommended.

Tuesday Feb 14, 2012

OBIEE 11.1.1 - Users are able to log in to the WebLogic Admin console, but not BI

Check whether users are able to log in to the WebLogic Admin Console. Assuming you can still log in to the WebLogic Admin Console yourself (and if you can start WebLogic, you should be able to log in to the Admin Console using the credentials you used to start the server), you can assign one of the LDAP users the WebLogic Global Admin role and see whether they are able to log in to the WebLogic Admin Console (http://biserver:7001/console). If they are able to log in to the WebLogic Admin Console, but not BI, then the LDAP authenticator config is correct, but it may not be accessible to BI.

There are a few things to check in this instance:
1) The Identity Store that contains your users may not be being exposed as an Identity Store to OPSS. The primary identity store must be set as the first one in the list of authenticators (note that this restriction is lifted from BI using the virtualize=true configuration) – BI uses the User Role API from OPSS which will only pick up the first identity store from the list of authenticators when looking up users’ GUID, Profile Information, Roles etc. This is a prime cause of the scenario whereby a user can log into WebLogic Admin Console (hence demonstrating that the authentication part of logon is succeeding), but cannot log in to BI (because the identity store containing the user is not first in the list). Where more than one Authenticator is configured, in the general case the control flags should all be set to SUFFICIENT. This will have the effect of each one being tried in turn until authentication succeeds. If authentication is successful, no further authenticators will be tried; if none of the authenticators are able to authenticate the supplied credentials, the overall authentication process will fail.

N.B. on install, the DefaultAuthenticator is set to REQUIRED; if another authenticator is configured, the DefaultAuthenticator, if it is to be retained, must be set to SUFFICIENT or OPTIONAL instead. SUFFICIENT is the recommended setting, for the reasons outlined above.

2) Your users are authenticating correctly to LDAP, but there is a problem with the BI System User which prevents the BI Security Service from authenticating users. N.B. if you temporarily assign the WebLogic Global Admin role to a user to test this scenario, please remember to remove this as soon as you have completed testing or else you may find you’ve given one (or many, if you specify the role condition by group name match) of your users a lot more power than you intended them to have.

3) Clean up all the users/groups security in the RPD that may already exist from the upgraded 10g RPD (delete the user from the RPD if present) and perform the GUID refresh again; see https://blogs.oracle.com/pa/entry/regenerating_user_guids
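
The chain behaviour described in point 1), as an added example that is not Oracle's code or part of the original post: a small Python model of JAAS control-flag evaluation, followed by a profile lookup that sees only the first identity store unless virtualize is on. The authenticator contents, users and passwords are constructed, and the functions authenticate and bi_login are hypothetical names.

```python
# Added illustration; provider contents, users and passwords are constructed.
DEFAULT_USERS = {"weblogic": "admin-pw"}
LDAP_USERS = {"alice": "alice-pw"}

def authenticate(providers, user, password):
    """providers: ordered list of (name, control_flag, {user: password}).
    Returns True when the whole chain accepts the login (JAAS flag rules)."""
    must_pass_ok = True    # every REQUIRED/REQUISITE provider so far succeeded
    saw_must_pass = False  # a REQUIRED/REQUISITE provider is configured
    any_ok = False         # some SUFFICIENT/OPTIONAL provider succeeded
    for _name, flag, users in providers:
        ok = user in users and users[user] == password
        if flag in ("REQUIRED", "REQUISITE"):
            saw_must_pass = True
            must_pass_ok = must_pass_ok and ok
            if flag == "REQUISITE" and not ok:
                return False           # a REQUISITE failure ends the chain
        else:
            any_ok = any_ok or ok
            if flag == "SUFFICIENT" and ok:
                return must_pass_ok    # no further providers are tried
    return must_pass_ok if saw_must_pass else any_ok

def bi_login(providers, user, password, virtualize=False):
    """Console-style authentication, then the profile lookup (GUID, roles)
    that sees only the first identity store unless virtualize is on."""
    if not authenticate(providers, user, password):
        return "authentication failed"
    stores = providers if virtualize else providers[:1]
    if any(user in users for _name, _flag, users in stores):
        return "ok"
    return "authenticated, but not found in identity store"

AS_INSTALLED = [("DefaultAuthenticator", "REQUIRED", DEFAULT_USERS),
                ("LdapAuthenticator", "SUFFICIENT", LDAP_USERS)]
DEFAULT_FIRST = [("DefaultAuthenticator", "SUFFICIENT", DEFAULT_USERS),
                 ("LdapAuthenticator", "SUFFICIENT", LDAP_USERS)]
LDAP_FIRST = [("LdapAuthenticator", "SUFFICIENT", LDAP_USERS),
              ("DefaultAuthenticator", "SUFFICIENT", DEFAULT_USERS)]

if __name__ == "__main__":
    for label, chain in (("as installed", AS_INSTALLED),
                         ("default first", DEFAULT_FIRST),
                         ("LDAP first", LDAP_FIRST)):
        print(label, "->", bi_login(chain, "alice", "alice-pw"))
    print("virtualize ->", bi_login(DEFAULT_FIRST, "alice", "alice-pw", True))
```

With DefaultAuthenticator left at REQUIRED the LDAP user is rejected outright; with both set to SUFFICIENT but the LDAP store second, authentication succeeds while the first-store lookup fails, which is the "console works, BI does not" symptom.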

Monday Feb 13, 2012

OBIEE 11.1.1 - Migrating Security – Policy Store

Go to .../Oracle_BI1/common/bin/ and run ./wlst.sh :

wls:/offline> migrateSecurityStore(type="appPolicies", srcApp="obi", configFile="/scratch/aawan/SecMigration/jps-config.xml", src="sourceFileStore", dst="targetFileStore", overWrite="false")

Reference Note: For detailed syntax and examples, see "migrateSecurityStore" in Oracle Fusion Middleware WebLogic Scripting Tool Command Reference. http://www.oracle.com/pls/fa102/to_URL?remark=ranked&urlname=http:%2F%2Fdocs.oracle.com%2Fcd%2FE25178_01%2Fweb.1111%2Fe13813%2Fcustom_infra_security.htm%23WLSTC1426

Before running the above migrateSecurityStore command you must specify details relating to your source policy store in your target's jps-config.xml file.

1. Backup your target's jps-config.xml file located at DOMAIN_HOME/config/fmwconfig/jps-config.xml.

2. Add source and target information to the target's jps-config.xml:

a. Add the following section (above the closing </serviceInstances> tag) to point to the source policy store:
<serviceInstance name="srcpolicystore.xml" provider="policystore.xml.provider" location="/MW_HOME/user_projects/domains/bifoundation_domain/config/fmwconfig/system-jazn-data.xml">
   <description>File Based Policy Store Service Instance</description></serviceInstance>

b. Update the policy store reference to point to the value specified in step a. Add the following entries above the closing </jpsContexts> tag:
<jpsContext name="targetFileStore">
     <serviceInstanceRef ref="policystore.xml"/>
</jpsContext>
<jpsContext name="sourceFileStore">
     <serviceInstanceRef ref="srcpolicystore.xml"/>
</jpsContext>

Output similar to the following displays and includes a WARNING that you can ignore:

WLS ManagedService is not up running. Fall back to use system properties for configuration.
oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy <init>
WARNING: No identity store associate with policy store found

Thursday Feb 09, 2012

OBIEE 11.1.1 - Unable to View PDF / graphs in Internet Explorer 7 and 8 over SSL using WebGate/OHS as front-end

Set CachePragmaHeader and CacheControlHeader to public.

This setting applies only to WebGates. These settings control the browser's cache. By default, CachePragmaHeader and CacheControlHeader are set to no-cache. This prevents WebGate from caching data at the Web server application and the user's browser. However, this may prevent certain operations such as downloading PDF files, saving report files and displaying charts when the site is protected by a WebGate. You can set the Access Manager SDK caches that the WebGate uses to different levels. See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html section 14.9 for details. All of the cache-response-directives are allowed.


1. For your OBIEE setup using WebGate, you may need to set both (CachePragmaHeader and CacheControlHeader) cache values to public.

2. For your OBIEE setup using OHS with mod_osso, to allow caching for SSO protected resources you need to add "OssoSendCacheHeaders off", in mod_osso.conf.

Friday Jan 27, 2012

OBIEE 11.1.1 - Important Security Considerations (SSL) if using external LoadBalancer

In an OBIEE enterprise topology, make sure the external load balancer is able to terminate SSL requests at the load balancer and forward traffic to the back-end real servers using the equivalent non-SSL protocol (for example, HTTPS to HTTP).

For security purposes, and because the load balancer terminates SSL requests (Oracle HTTP Server routes the requests as non-SSL to WebLogic Server), after SSL is configured for the load balancer, turn on the WebLogic Plugin Enabled flag for the domain. To do this, follow these steps:

1. Log in to the Administration Console.
2. Click the domain name in the navigation tree on the left.
3. Click the Web Applications tab.
4. In the Change Center, click Lock & Edit.
5. Select WebLogic Plugin Enabled.
6. Click Save, then click Activate Changes.
7. Restart the Administration Server and Managed Server.

Tip: WebLogic Plugin Enabled: Specifies whether or not the proprietary WL-Proxy-Client-IP header should be honored. (This is needed only when WebLogic plugins are configured.)

In addition to the above, make sure to add the following SSL directives in each <Location> section of the Oracle HTTP Server (OHS) file ORACLE_BASE/admin/instance_name/config/OHS/component_name/mod_wl_ohs.conf:


WLProxySSLPassThrough ON

Tips: Set WLProxySSL parameter to ON to maintain SSL communication between the plug-in and WebLogic Server when the following conditions exist:

  • An HTTP client request specifies the HTTPS protocol
  • The request is passed through one or more proxy servers (including the WebLogic Server proxy plug-ins)
  • The connection between the plug-in and WebLogic Server uses the HTTP protocol

When WLProxySSL is set to ON, the location header returned to the client from WebLogic Server specifies the HTTPS protocol.
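
An added example (not from the original posts or from Oracle): a Python check that reads mod_wl_ohs.conf text and reports, per <Location> section, which of the directives named in this post and in the May 07, 2012 timeout post are missing, and which sections are never closed. The sample file content and host name are constructed, and audit_locations is a hypothetical name.

```python
import re

# Directives the posts on this page ask for in every <Location> section.
EXPECTED = ("WLIOTimeoutSecs", "WLSocketTimeoutSecs",
            "WLProxySSL", "WLProxySSLPassThrough")

def audit_locations(conf_text, expected=EXPECTED):
    """Return (missing, unclosed).
    missing:  {location path: [expected directives not set in that section]}
    unclosed: [location paths whose section has no </Location>]"""
    missing, unclosed = {}, []
    current, seen = None, set()

    def finish(closed):
        # Record the result for the section being left.
        missing[current] = [d for d in expected if d.lower() not in seen]
        if not closed:
            unclosed.append(current)

    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Location\s+([^>]+)>$", line, re.I)
        if opened:
            if current is not None:      # new section before the old one closed
                finish(closed=False)
            current, seen = opened.group(1).strip(), set()
        elif line.lower() == "</location>":
            if current is not None:
                finish(closed=True)
            current = None
        elif current is not None:
            seen.add(line.split()[0].lower())  # directive names: case-insensitive
    if current is not None:
        finish(closed=False)
    return missing, unclosed

# Constructed sample: the second section lacks the SSL directives and its close.
SAMPLE_CONF = """\
<Location /analytics>
    SetHandler weblogic-handler
    WebLogicCluster bihost.example.com:9704
    WLIOTimeoutSecs 6000
    WLSocketTimeoutSecs 600
    WLProxySSL ON
    WLProxySSLPassThrough ON
</Location>
# BI Publisher
<Location /xmlpserver>
    SetHandler weblogic-handler
    WebLogicCluster bihost.example.com:9704
    WLIOTimeoutSecs 6000
    WLSocketTimeoutSecs 600
"""

if __name__ == "__main__":
    print(audit_locations(SAMPLE_CONF))
```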

Wednesday Dec 21, 2011

OBIEE 11.1.1 - Troubleshooting OCI Connections

If you are having trouble connecting to an Oracle Database using OCI, check to ensure that the following conditions are true:

■ The computer running the Oracle BI Server must use Oracle Call Interface (OCI) to connect to the database.

■ If you choose not to use the entire connect string in the repository connection pool, you must ensure that a valid tnsnames.ora file is set up in the following location within the Oracle Business Intelligence environment, so that the Oracle BI Server can locate the entry:


■ If you choose not to use the entire connect string in the repository connection pool, ensure that the net service name in the tnsnames.ora file matches the Data Source Name used in the connection pool.


Monday Dec 05, 2011

OBIEE 11.1.1 - Windows 2003 Tuning Parameters

The table below describes how to tune the Windows 2003 operating system to optimize the performance of your Oracle® Business Intelligence Enterprise Edition.


Default Value

Suggested Value


This parameter controls the amount of time the OS waits to reclaim a port after an application closes a TCP connection; it has a default value of 4 minutes. Under heavy user load, these limits may be exceeded, resulting in an "address in use: connect" exception.

Tip: In the registry, set this parameter using the following:


Value: TcpTimedWaitDelay

Value Type:  dword

Data:  30 (decimal)




The number of user-accessible ephemeral ports that can be used to source outbound connections is configurable using this parameter.

Tip: In the registry, set this parameter using the following:


Value: MaxUserPort

Value Type: dword

Data: 65534 (decimal)



Tune Windows 2003 (32 bit) /3GB switch

Important Note: It is only recommended to enable /3GB if BI Presentation Services (32-bit) crashes due to the 2 GB process virtual memory limit. Using the /3GB switch allocates 1 GB to the kernel and 3 GB to the User-mode space. Therefore it is strongly recommended to implement the following settings when the /3GB switch is applied, in order to ensure OBIEE and Windows stability:

1. Use a value for the /userva=xxxx switch that is within the range of 2900 to 3030. The following sample boot.ini file demonstrates how to use the new switch to tune a server to allocate 2,900 MB of User-mode virtual memory and 1,196 MB of Kernel-mode virtual memory. This increases the available kernel space by 172 MB:

[boot loader]



[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Enterprise" /fastdetect /NoExecute=OptOut /3GB /Userva=2900

2. Increase the SystemPages value in the registry: this setting controls the allocable memory for the operating system caches and file caches, among others, and the value being set tells Windows to calculate the value itself, erring on the side of the maximum allocable resources.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

Open the Data: SystemPages

Enter its new value (hex): FFFFFFFF

3. After applying the above settings, reboot the server.