Dealing with Weblogic STUCK threads

If you are getting below error on STUCK threads in weblogic, there are few steps to tune it so that you won’t get any/minimize the number of times it comes.

Usually these STUCK threads get unstuck after some time but to improve performance its better to tune it avoid uncertainty.

ERROR When STUCK:

####<Dec 8, 2012 9:50:31 AM EDT> <Error> <WebLogicServer> <abcsystems.orass.com> <server-cc113sp> <[ACTIVE] ExecuteThread: '34' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1278597031843> <BEA-000337> <[STUCK] ExecuteThread: '55' for queue:

'weblogic.kernel.Default (self-tuning)' has been busy for "650" seconds working on the request "Http Request: /deo/hfiles.do", which is more than the configured time (StuckThreadMaxTime) of "600" seconds.

LOG When becomes UNSTUCK:

####< Dec 8, 2012 2:59:16 PM EDT> <Info> <WebLogicServer> <abcsystems.orass.com> <server-cc113sp> <[STUCK] ExecuteThread:'52' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1278608356902> <BEA-000339> <[STUCK] ExecuteThread: '52' for queue: 'weblogic.kernel.Default (self-tuning)' has become "unstuck".>

The error may / may not disappear. It will disappear if the interval is longer than the processing time of the request.

The optimal value need to be set according to the processing time of the requests. If you don’t expect the requests take so long to complete, then you need to tune the system.

If you are seeing a thread exceeding the stuck thread max time, then the request is taking a long time to complete, more than the defualt value of 10 minutes.

In some circumstances this is expected, it depends on what the thread is actually doing – An example of a normal warning like this is that you have a SQL query that is taking too long because it’s badly written.

If you are seeing a lot of threads getting stuck, then it suggests that you have a bottleneck in one key components and you may have to tune your system,

but it’s a question of identifying which component needs tuning. In either case, you will probably need to take a number of thread dumps with short (15 sec) interval between them, at the time you see the warning reported to start to identify the issue.

The best approach is to identify what thread is causing this. I would recomend capturing a thread dump to find out what is goign on withing that thread.

before increasing max thread stuck time please take thread dump and analyze which threads are getting stuck. Fo example based on your analysis if you feel your database is little bit slow due to which threads are getting stuck, try to increase thread stuck time.

Thanks,

Babu

Oracle Weblogic Server 11gR1(10.3.5) Installation

Step by Step instructions to download, install Oracle WebLogic Server 11gR1 10.3.5, and create a sample domain are described in this article. Well, What is WebLogic? WebLogic Server is a powerful Application Server to run J2EE Applications. This is pretty much equivalent to Oracle 10gAS OC4J server, but WebLogic is known for its rich features and great functionality. Since Oracle has acquired BEA, there has been a strategic shift in the Application Server technologies from OC4J to Weblogic Server. Oracle has moved most of the OC4J Applications to Weblogic in Fusion Middleware releases. If you see the tag, Fusion, you can guess that it is Weblogic Application. Other than directory structures, installation procedure, here are few key differences between OC4J and WebLogic Server.

OC4J uses AJP protocol between OHS and OC4J. OHS in front of OC4J is a must (as OC4J itself does not have a HTTP listener, so it cannot answer HTTP requests). This is quite different in WebLogic, as WebLogic has got a HTTP listener, users can directly access WebLogic port from the browser. Of course, it is recommended to front end WebLogic by a web server but it is not mandatory. Web Server is mandatory for OC4J.

OC4J is completely managed by OPMN. A couple of interesting features by OPMN, such as increasing no# of JVMs (numprocs in opmn.xml) for the OC4J are available. WebLogic is not managed by OPMN. So, WebLogic always runs out of only one JVM.

OC4J runs on wide range of ports whereas WebLogic runs everything on a single port by default, i.e. 7001. Here is an example of OC4J Port ranges:

ajp range=12501-12600
rmi range=12401-12500
jms range=12601-12700

Here is a quick installation of 10.3.5 WebLogic Server. I would create a quick Domain to demonstrate the config.sh:

1. Download Weblogic
2. Preinstall tasks
3. Installation
4. Post Installation
5. Troubleshooting

Download Weblogic

Download Oracle WebLogic Server: http://www.oracle.com/technetwork/middleware/ias/downloads/wls-main-097127.html
Download 64bit JDK: http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u29-download-513648.html

wls1035_generic.jar: This is a generic file that can be used on any platform. It includes WebLogic Server and Coherence but NOT JDK. In most of the 64bit WebLogic Installations, I had to use this one instead of direct executable.

wls1035_linux32.bin: Linux x86 32-bit executable. It includes WebLogic Server, Coherence, Sun SDK 1.6.0, and Oracle JRockit 1.6.0.

wls1035_linux64.bin: Linux x86 64-bit executable, it includes WebLogic Server, Coherence, and Oracle JRockit 1.6.0. If you prefer to use Sun JDK for development servers, you got to install JDK first and then run wls1035_generic.jar instead.

If it’s a executable, you can simply execute as:

$ ./wls1035_linux32.bin 

But if you need to run with different JDK, run:

$JAVA_HOME/bin/java -jar wls1035_generic.jar

There is no straight 64bit JDK on HP-PA, HPIA, and Solaris64 platforms and rather it’s a Hybrid JDK. In this case:

$JAVA_HOME/bin/java -d64 -jar wls1035_generic.jar

Preinstall tasks

We need to make a choice for JRockit or Sun JDK. JRockit is more meant to be for Production usage. It takes longer to start, needs more memory and runs faster during the runtime. Sun JDK starts faster, needs less memory heap, and is little slow during the run time. If you have a cap on Memory, better go with Sun JDK. I would prefer Sun JDK in non-production environments. I have already installed 64bit JDK on this Linux Server and called wls1035_generic.jar. Coherence is another new component that is supposed to speed things up using the cache. It’s an optional component.

Here are basic requirements to install the WebLogic Server.

• Processor: 1-GHz CPU
• Memory : A minimum of 1 GB RAM, although recommends 2 GB is recommended.
• Lot of temp space is required as the installer extracts first and then starts the installation.
• JDK is shipped with a few 32bit WebLogic installers but we have to manually install the JDK for 64bit.

Installation

Post Installation

Create a new WebLogic domain using the Configuration Wizard:

$ /oracle/middleware/oracle_common/common/bin/config.sh 

  

  

 

Development Mode: Weblogic User and passwords are stored in boot.properties in Development Mode. Again, I have selected SUN JDK for Development mode.
Production Mode: It does not store the user name and passwords in boot.properties by default. You can manually create boot.properties after the Domain Creation.  You may want to select JRockit for Production. The user name and password will be read and encrypted by WebLogic Server during the startup.

$ cat /oracleware/user_projects/domains/IDMDomain/servers/AdminServer/security/boot.properties 
username=weblogic
password=mypassword
$

This is a place to change the default Admin Server Port from 7001 to something else. If you have got multiple domains, you would need to change this port for all domains after the first domain. Unlike Oracle Installers, Configuration Wizard does not check for the Active Port. So we got to check that ourselves. 

Config.sh does not start the services. Start the Admin Server manually.

$ /oracle/middleware/user_projects/domains/IDMDomain/bin/startWebLogic.sh 

Troubleshooting

Problem: WebLogic server does not start as the port is occupied by other WebLogic Server.

Solution: If you did not change the port during the installation, there is a way to change the port from Admin Console. However, this does not even start the server to go to the Console. So, we need to change $DOMAIN_NAME/config/config.xml

. /oracle/middleware/user_projects/domains/IDMDomain/bin/setDomainEnv.sh 

<server>
<name>AdminServer</name>
<listen-port>7002</listen-port> 
<listen-address></listen-address>
</server> 

setDomainEnv.sh sets up all the environment variables and Java options for the entire domain including AdminServer and all Managed Servers. If you need to change JVM Heap Size,  setDomainEnv.sh is the right place for you.

Weblogic Server 11gR1 new featuers

Find Command Examples in UNIX

In it's simplest use the find command searches for files in the current directory and its subdirectories:
$ find .
./tp1301.txt
./up1301.txt
./tp1302.txt
./up1302.txt
./Up1303.txt
./misc/uploads
./misc/uploads/patch12_13.diff
As always, the dot indicates the current directory. Here find has listed all files found in the current directory and its subdirectories.

If we only want to find files with 'up' at the start of their name, we use the '-name' argument.
So the following would be used:
$ find . -name up\*
./up1301.txt
./up1302.txt
./misc/uploads
find defaults to being case sensitive. If we want the find utility to locate the file 'Up1303.txt' we could either do 'find -name Up\*' or use the iname argument instead of the name argument.

The wildcard character is escaped with a slash so BASH sends a literal asterisk to the find utility as an argument instead of performing filename expansion and passing any number of files in as arguments.
This 'gotcha' is important. Be aware of the characters which the shell attaches special meaning to.

Now we know there are files that should have their names in lowercase we can utilise find to get a list of files with names that aren't:
$ find -iname up\* -not -name up\*
Smooth Operator
find supports boolean algebra with the -and, -or and -not arguments. These are abbreviated as -a, -o and ! (which in bash must be escaped as \!) respectively. The and operator is mentioned here for completeness. Its presence is implied:

$ find . -iname david\*gray\*ogg -type f > david_gray.m3u
These operators are processed in the following order:

Parentheses
Use parentheses to force the order in which the operators are evaluated.

-not
Invert the result of the tested expression.

-and
E.g. ex1 -and ex2; the second expression isn't checked if the first evaluated to true

-or
E.g. ex1 -or ex2; as with -AND, the second expression isn't checked if the first evaluated to true

','
This is the list operator where unlike the '-AND' and '-OR' operators both expressions are evaluated. Read the '2 into 1 does go' section for more information.

The example in the Smooth Operator boxout creates an m3u playlist listing all ogg files that start 'David Gray' (and all case-permutations)

$ find . -iname david\ gray\*ogg -type f > david_gray.m3u
This will find any files called, in one way or the other, "david gray....ogg".

This is semantically equivalent to:
$ find . -iname david\ gray\*ogg -and -type f > david_gray.m3u
It's equivalent to:
$ find . -iname "david gray*ogg" -and -type f > david_gray.m3u
What if the ogg files themselves mightn't have the artists name in them and are in some subdirectory of one called 'David Gray', how do we find them?

$ find . -ipath \*david\ gray\*ogg -type f > david_gray.m3u
The expression starts with a wildcard because its possible there's more than one subdirectory named 'david gray' that might really be nothing more than symlinks for categorisations.

Here's another example, we list the contents of the humour directory (one line per file) and do a case-insensitive search for .mp3 files with 'yoda' in the name of the file:

$ ls humour -1
Weird Al - Yoda.mp3
welcome_to_the_internet_helpdesk.mp3
werid al - livin' la vida yoda.mp3

$ find -ipath \*humour\*yoda\* -type f
./humour/Weird Al - Yoda.mp3
./humour/werid al - livin' la vida yoda.mp3
2 into 1 does go
As implied in the Smooth Operator boxout, it's possible to have one invocation of find perform more than one task.

To compile two lists, one containing the names of all .php files and the other the names of all .js files use:

$ find ~ -type f \( -name \*.php -fprint php_files ,
                    -name \*.js -fprint javascript_files \)
Pruning
Suppose you have a playlist file listing all David Gray .ogg files but there are a few albums you don't want included.
You can prevent those albums from going into the playlist by using the -prune action which works by attempting to match the names of directories against the given expression.
This example excludes the Flesh and Lost Songs albums :
$ find   \( -path  ./mp3/David_Gray/Flesh\* -o -path
"./mp3/David_Gray/Lost Songs" \* \) -prune -o -ipath \*david\ gray\*
The first thing you'll notice here is the parentheses are escaped out so BASH doesn't misinterpret them. Notice using -prune takes the form
"don't look for these, look for these other ones instead". ie:
$ find (-path <don't want this> -o -path <don't want this#2>)
\-prune -o -path <global expression for what I do want>
It might take a bit longer to invoke find to use the -prune action: decide exactly what you want to do first. I find using the -prune action saves me time I can use on other tasks.

Fussy Fozzy!
There's a host of other expressions and criteria that can be used with find.

Here is a brief rundown on the ones you'll most likely want to use:
-nouser file is owned by someone no longer listed in /etc/passwd
-nogroup the group the file belongs to is no longer listed in /etc/groups
-owner <username> file is owned by specified user.
We'll delve into using these, and others, later on.

Print me the way you want me, baby!
Changing the output information
If you want more than just the names of the files displayed, find's -printf action lets you have just about any type of information displayed. Looking at the man page there is a startling array of options.
These are used the most:
%p filename, including name(s) of directory the file is in
%m permissions of file, displayed in octal.
%f displays the filename, no directory names are included
%g name of the group the file belongs to.
%h display name of directory file is in, filename isn't included.
%u username of the owner of the file
As an example:
$ find . -name \*.ogg -printf %f\\n
generates a list of the filenames of all .ogg files in and under the current directory.
The 'double backslash n' is important; '\n' indicates the start of a new line. The single backslash needs to be escaped by another one so the shell doesn't take it as one of its own.
Where to output information?
find has a set of actions that tell it to write the information to any file you wish. These are the -fprint, -fprint0 and -fprintf actions.
Thus
$ find . -iname david\ gray\*ogg -type f -fprint david_gray.m3u
is more efficient than
$ find . -iname david\ gray\*ogg -type f > david_gray.m3u
Execute!
File is an excellent tool for generating reports on basic information regarding files, but what if you want more than just reports? You could just pipe the output to some other utility:

$ find ~/oggs/ -iname \*.mp3 | xargs rm
This isn't all that efficient though.
It is much better to use the -exec action:

$ find ~/oggs/ -iname \*.mp3 -exec rm {} \;
It mightn't read as well, but it does mean the files are immediately deleted once found.
'{}' is a placeholder for the name of the file that has been found and as we want BASH to ignore the semicolon and pass it verbatim to find we have to escape it.

To be cautious, the -ok action can be used instead of -exec. The -ok action means you'll be asked for confirmation before the command is executed.

There are many ways these can be used in 'real life' situations:
If you are locked out from the default Mozilla profile, this will unlock you:

$ find ~/.mozilla -name lock -exec rm {} \;
To compress .log files on an individual basis:
$ find . -name \*.log -exec bzip {} \;
Give user ken ownership of files that aren't owned by any current user:

$ find . -nouser -exec chown ken {} \;
View all .dat files that are in the current directory with vim. Don't search any subdirectories.
$ vim -R `find . -name \*.dat -maxdepth 1`
Look for directories called CVS which are at least four levels below the current directory:
$ find -mindepth 4 -type d -name CVS
Time waits for no-one
You might want to search for recently created files, or grep through the last 3 days worth of log files.

Find comes into its own here: it can limit the scope of the files found according to timestamps.

Now, suppose you want to see what hidden files in your home directory changed in the last 5 days:

$ find ~ -mtime -5 -name \.\*
If you know something has changed much more recently than that, say in the last 14 minutes, and want to know what it was there's the mmin argument:

$ find ~ -mmin 14 -name \.\*
Be aware that doing a 'ls' will affect the access time-stamps of the files shown by that action. If you do an ls to see what's in a directory and try the above to see what files were accessed in the last 14 minutes all files will be listed by find.

To locate files that have been modified since some arbitrary date use this little trick:

$ touch -d "13 may 2001 17:54:19" date_marker
$ find . -newer date_marker
To find files created before that date, use the cnewer and negation conditions:

$ find . \! -cnewer date_marker
To find a file which was modified yesterday, but less than 24 hours ago:

$ find . -daystart -atime 1 -maxdepth
The -daystart argument means the day starts at the actual beginning of the day, not 24 hours ago.
This argument has meaning for the -amin, -atime, -cmin, ctime, -mmin and -mtime options.

Finding files of a specific size
A file of character (bytes)
To locate files that have a certain amount of characters present then you can't go far wrong with

# find files with exactly 1000 characters
$ find . -size 1000c  
#find files containing between 600 to 700 characters, inclusive.
$ find . -size +599c -and -size -701c      
'Characters' is a misnomer: 'c' is find's shorthand for bytes; thus this will only work for ASCII text not Unicode.
Consulting the man page we see
c = bytes
w = 2 byte words
k = kilobytes
b = 512-byte blocks

Thus we can use find to list files of a certain size:

$ find /usr/bin -size 48k
Empty files
You can find empty files with $ find . -size 0c
Using the -empty argument is more efficient.

To delete empty files in the current directory:
$ find . -empty -maxdepth 1 -exec rm {} \;
Users & Groupies
Users
To locate files belonging to a certain user:
# find /etc -type f \!  -user root -exec ls -l {} \;
-rw------- 1 lp sys 19731 2002-08-23 15:04 /etc/cups/cupsd.conf
-rw------- 1 lp sys    97 2002-07-26 23:38 /etc/cups/printers.conf
A subset of that same information, without having the cost of an exec:
root@ttyp0[etc]# find /etc -type f \!  -user root \
                 -printf "%h/%f %u\\n"
/etc/cups/cupsd.conf lp
/etc/cups/printers.conf lp
If you know the uid and not the username then use the -uid argument:

$ find /usr/local/htdocs/www.linux.ie/ -uid 401
-nouser means there is no user in the /etc/passwd file for the files in question.

Groupies
find can locate files that belong to a specific group - or not, depending on how you use it.
This is especially suited to tracking down files that should belong to the www group but don't:
$ find /www/ilug/htdocs/  -type f \! -group  www
The -nogroup argument means there is no group in the /etc/group file for the files in question.
This may arise if a group is removed from the /etc/group file sometime after it's been used.
To search for files by the numerical group ID use the -gid argument:
$ find -gid 100
Permissions
If you've ever had one or more shell scripts not work because their execute bits weren't set and want to sort things out for once and for all, then you should like this little example:

knoppix@ttyp1[bin]$ ls -l ~/bin/
total 8
-rwxr-xr-x    1 knoppix  knoppix 21 2004-01-20 21:42 wl
-rw-r--r--    1 knoppix  knoppix 21 2004-01-20 21:47 ww

knoppix@ttyp1[bin]$ find ~/bin/ -maxdepth 1 -perm 644 -type f \
                    -not -name .\*
/home/knoppix/bin/ww
Find locates the file that isn't set to execute, as we can see from the output of ls.

Types of files
The '-type' argument obviously specifies what type of file find is to go looking for (remember in Linux absolutely everything is represented as some type of file).
So far I've been using '-type f' which means search for normal files.

If we want to locate directories with '_of_' in their name we'd use:

$ find . -type d -name '*_of_*'
The list generated by this won't include symbolic links to directories.
To get a list including directories and symbolic links:

$ find . \( -type d -or -type l \) -name '*_of_*'
For a complete list of types check the man page.

Regular expressions
Thus far we've been using casual wildcards to specify certain groups of files. Find also support regular expressions, so we can use more advanced criteria with regards to locating files. The matching expression must apply to the entire path:

ken@gemmell:/home/library/code$ find . -regex '.*/mp[0-4].*'
./library/sql/mp3_genre_types.sql
The -regex test has a case insensitive counterpart, -iregex.

There is a little gotcha with using regular expressions: You must allow for the full path of the files found, even if find is to search the current directory:

$ cd /usr/share/doc/samba-doc/htmldocs/using_samba
$ find . -regex './ch0[1-2]_0[1-3].*'
./ch01_01.html
./ch01_02.html
./ch02_01.html
./ch02_02.html
./ch02_03.html
Limiting by filesytem
As an experiment, get a MS formatted floppy disk and mount it as root:
$ su -
# mount /floppy
# mount
/dev/sda2 on / type ext2 (rw,errors=remount-ro)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/fd0 on /floppy type msdos (rw,noexec,nosuid,nodev)
Now try

$ find / -fstype msdos -maxdepth 1
You should see only /floppy listed.
To get the reverse of this, ie a listing of directories that are not on msdos file-systems, use
$ find / -maxdepth 1 \( -fstype msdos \) -prune -or -print
This is a start on limiting the files found by system type.


Thanks,
Babu

Unable to bring up weblogic admin Server after Change IP of Server:

After changing the IP address in the Server (for example xx.xx.xx.xx  to yy.yy.yy.yy).  This Case sometimes  may cause the weblogic admin server is unable to start issue.

The error stack trace looks like below from domain log file

<Info> <WebLogicServer> <BEA-000307> <Exportable key maximum lifespan set to 500 uses.>                                                                                                                                                                  

<Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "Default". The address xxx.xxx.xxx.xxx might be incorrect or another process is using port 5100: java.net.BindException: Can't assign requested address.>

<Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address xxx.xxx.xxx.xxx might be incorrect or another process is using port 5101: java.net.BindException: Can't assign requested address.>

<Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>                                                                                                               

<Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: Server failed to bind to any usable port. See preceeding log message for details.>

<Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>

<Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>

<Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>

<Info> <Diagnostics> <BEA-320002> <The Diagnostics subsystem is stopping on Server GRSAdminSG.>

<Info> <WseeCore> <BEA-220504> <The Wsee Service is halting>

<Info> <SAFService> <BEA-281004> <SAF Service has been suspended.>

<Info> <SAFService> <BEA-281005> <SAF Service has been shut down.>                                                                                                                                                                                                                                                                                                                                                                   

For debugging this issue,  Check below two things in your system

1. If you are using  the IP address, instead of the host name, as the listen address of the WebLogic Server Administration Server.  Make sure you change it in config.xml under $WH_HOME/user_projects/domains/domain_name/config directory.

2. Second this is ensure that the /etc/hosts or C:\Windows\system32\drivers\etc\hosts file is modified with new IP.

Regards

Babu

What are the modes of operation for Weblogic server domains

There are two modes: Development and production mode:

Development mode:

ü  You use development mode while you are developing your applications. Development mode uses a relaxed security configuration and enables you to auto-deploy applications.

ü  You can use the demonstration digital certificates provided by the WebLogic Server security services. With these certificates, you can design your application to work within environments secured by SSL.

ü  WebLogic Server instances can automatically deploy and update applications that reside in the domain_name/applications directory.

ü  When you start a server, the server automatically renames (rotates) its local server log file as server-name.log.n. For the remainder of the server session, the server rotates its local log file whenever the size of the file reaches 500 kilobytes.

ü  The default number of threads available to Execute Queues is 15.

ü  The default capacity is 15 JDBC connections.

Production mode:

ü  You use production mode when your application is running in its final form. A production domain uses full security and may use clusters or other advanced features.

ü  A warning message is displayed if you use the demonstration digital certificates.

ü  The auto-deployment feature is disabled, so you must use the WebLogic Server Administration Console or the weblogic.Deployer tool.

ü  A server rotates its local log file after the size of the file reaches 500 kilobytes.

ü  The default number of threads available to Execute Queues is 25.

ü  The default capacity is 25 JDBC connections.

Thanks,
Babu

How SSL works tutorial - with HTTPS example

Install SSL Certificate Oracle WebLogic Server 10.3 / 11g

In this article we will cover the process of requesting a SSL cert for Oracle weblogic server 11g 10.3.3 on RedHat.


Create Weblogic keystore 10.3 :
You need to have JDK 1.6 installed in order to execute keytool located in $JAVA_HOME/bin/keytool.
Note that we are using VeriSign's extended validation certificate, which supports 2048. Starting in 2013, 1024 will no longer be available and 2048 will be required.
Execute the following command and complete the following information.
1) ./keytool -keyalg RSA -genkey -v -alias xbeon -keysize 2048 -storepass changeit -validity 365 -keystore store-name.jks
What is your first and last name?
[Unknown]: example.xbeon.com
What is the name of your organizational unit?
[Unknown]: Information Technology
What is the name of your organization?
[Unknown]: Xbeon, LLC
What is the name of your City or Locality?
[Unknown]: Denver
What is the name of your State or Province?
[Unknown]: CO
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=example.xbeon.com, OU=IT, O="Xbeon, LLC", L=Denver, ST=CO, C=US correct?
[no]: yes
Generating 2,048 bit RSA key pair and self-signed certificate (SHA1withRSA) with a validity of 365 days
for: CN=example.xbeon.com, OU=IT, O="Xbeon, LLC", L=Denver, ST=CO, C=US
Enter key password for
(RETURN if same as keystore password): [Storing store-name.jks]


Request Weblogic VeriSign Certificate :
2) keytool -certreq -alias xbeon -file verisign-request.csr -keystore store-name.jks
Enter keystore password:
Login to Verisign's (must have account) PKI service, copy and paste the contents of verisign-request.csr and submit. An e-mail will be sent with your signed certificate.
After receiving your certificate, you need to add Versign's primary and secondary CA certs to your keystore. You can download them here
Using vi or notepad, paste the contents of the primary and secondary CA’s into primary_EV_CA.cer and secondary_EV_CA.cer, then run the following:
3) keytool -import -trustcacerts -alias primary_EV_CA -keystore store-name.jks -file primary_EV_CA.cer
4) keytool -import -trustcacerts -alias secondary_EV_CA -keystore store-name.jks -file secondary_EV_CA.cer
Save the signed certificate you received from Verisign as verisign.txt and run
5) keytool -import -trustcacerts -alias certus -keystore store-name.jks -file verisign.txt
You will be prompted to enter your keytstore password, which will add the certificate to your keystore.


Configure the Identity and Trust keystores :
If you have not already configured weblogic to use SSL, then you will need to complete the following:
1. Click on the mananged server and select the name of the server for which you want to configure keystores.
2. Select 'Keystores and SSL tab' to configure the keystore for the domain.
3. By default, WebLogic ships with demo certificates for testing purposes. Click the 'Change' link in the upper-right portion of the configuration items. This will display the drop-down list of options for configuration.
4. Choose 'Custom Identity and Java Standard Trust' from the list.
5. Specify the identity keystore information:
[Custom identity]
* Custom Identity key store file Name: c:\full\path\to\mykeystore.jks (The fully-qualified-path to your keystore)
* Custom Identity key Store Type: jks (Generally, this attribute is jks)
* Custom Identity key Store Pass Phrase: keystore password (The password defined when creating the keystore. If you don't know the password you have to start over.)
* Confirm Customer Identity key Store Pass Phrase: Keystore_password (same as above)
[Java Standard Trust]
* Java standard Trust Key Store Pass Phrase: changeit (unless your system admin changed it the password for the cacerts keystore is "changeit")
* Confirm Java Standard Trust Key Store Pass Phrase: changeit
* Click Continue
* [Review SSL Private Key Settings]
* Private key Alias: keyEntry_friendly_name (If you followed our instructions to generate the private key the alias will be 'tomcat'. The alias is the friendly name for your keyEntry (private key), if you do not remember it please run the following command on your keystore to confirm the alias: keytool -list -keystore [keystore_friendly_name] -v)
* Passphrase: keyEntry_password (specify the keyEntry (private key) password. The password for the private key may differ from the one for the keystore)
* Confirm Passphrase
6. Click Continue
7. Click Finish
8. Restart WebLogic Server.
Verify Installation
New To verify if your certificate is installed correctly, use our Certificate Installation Checker.
Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive:https://appserver.domain.com:8001/myapp
Your browser's padlock icon Browser padlock will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.




Thanks,
Babu


Collected info from http://www.xbeon.com

Weblogic Admin Interview Question Set # 1

1. Two managed MS1, MS2 servers is there in a cluster. how can you say that load is there on only one server? 

2. If two managed servers is there Same Domain is configured in both servers, but one server is crashed then how can you create a domain with the same configuration? 

3. Give me the real time scenario to configure weight based algorithm in a cluster? 

4. What is the name of ticketing and monitoring tool used in your company? 

5. Application is running and server is also running but the end user requests are not processed then how can you trouble shoot the problem? 

6. How to configure the node manager? 

7. How to find out which version of the operating system in stall in Server? 

8. How to configure the cluster? 

9. If you’re running the script to start the managed server how much time is tacking up the server? 

10. How can you check the server status without using admin console,monitoring tool, log file? 

11. How the session replication is going on? 

12. How can you find out the system (CPU. usage) ? 

13. How can you find out the total and java process details? 

14. How can you find out the total memory (RAM. in system? 

15. What are the activities performed in day? 

16. Tell me something about your company? 

17. What are the values tuned in web logic? 

18. What are the frequently used commands UNIX commands? 

19. How can you replace a character in a file? Means in a file I am an Indian in place of you can replace h? 

20. Differences between weblogic 8.x and 10.x? 

21. What are the differences between multicast and unicast clustering? 

22. What is the default web server port (HTTP port. number secure port number (HTTPS) ? 

23. Default node manager port number? 

24. If the application is not working how can you trouble shoot? 

25. What is thread dump? When we collect the thread dump?

How can you analyze the thread dump? What are the threads find in the thread dump? 

26. What you will do when data source will down? 

27. What are the data source states? 

28. Which protocol is used for the multicast communication? 

29. Which protocol is used for the unicast clustering? 

30. What is the Default multicast port number? 

31. If some servers in cluster are running some of them are down is it deployment is possible? 

32. If today certificates are expired what you have to do? 

33. What are the steps to perform for server migration? 

34. Is it possible two different versions of the same application deploy at the same time? 

35. How can u provide the security in LDAP Server? 

36. How can the cluster members will communicate? 

37. How can u rotate the LOGs in midnight? 

38. Is ticket is raised by u or any else? 

40. How can u work with ticketing tool? 

41. What are the difference b/w web server and proxy server? 

42. What is tuning how can u performances the tuning? 

43. Difference between horizontal clustering, vertical clustering and where both are used? 

44. What are the daily activities? 

45. If data source is configured but then after DB server is not running then what is the state of data source? 

46. How many ways to take the dumps? 

47. Scenario:I have 4GB RAM and i'm using 4 mng-servers while i'm starting the servers I have a msg OUT OF MEMORY. How can you fix it. 

48. What is the tool u r using for thread dump and tell me how to work with it? 

49. Tell me the errors u r getting in the browser like 500? How many errors are there? Explain? 

50. How will u find if the connection pool is connected with database or not? not by using the console? 

51. If client send the request the web page is appeared at morning but   when he sends the request at evening blank page is displaying so, what will u do at that time? 

52. How can u get the deployment files from another box and from where u will get? 

53. Is necessary to change the jdbc connections number frequently in production is there any chance to solve that, if we want to performance tuning on jdbc? 

54. What is the default administration port number? 

55. How can u find out how many files are opened in Unix box? 

56. If the file is opened is it possible to apply tar command? 

57. If server is tacking more amount of time to restart then how can you trouble shoot? 

58. You are deploying application using weblogic.Deployer then SSL is configured then what are the parameters you pass with the weblogic.deployer? 

59. If SSL is configured then which key is send to the client? 

60. In SSL configuration what type of key algorithms is there? 

61. How to connect to the remote machine? 

62. What is the difference between heap dump and thread dump? 

Thanks,

Babu

Differences between Weblogic Server 8.x Vs 9.x

I have published some differences,If you  more try share here .
It will useful for all 

S no	Weblogic Server 8.x	Weblogic Server 9.x
1	Supports JDK 1.4	Supports JDK 1.5
2	The directory structure Ex : like the config.xml location, cache and staging folder paths, managed or admin server paths	The directory structure more Structured way of folders rearranged
3	We have a silent  Mode of Domain creation	We don’t have this Option in Domain creation
4	We  need configure Connection pools then Data source	First need to create a Dynamic  Data Source , inside u can find a Connection pool tab
5	Here We don’t have any Lock & Edit future in console.	Here We have Lock and edit feature in console
6	Don’t  have Side by Side Deployment feature	We have this  future here
7	Where we are Redeploying application we need un-install previous version , then deploy the new version application	No need to un –install simply update option.
8	This Will not support two Phase deployment	This Will support two Phase Deployment
9	Via console we have Different Module Deployment like 1.Applications 2.EJB Modules 3.WebApplication Modules 4.Connector Module	Here No module deployment all  type of Modules In Single Screen in console
10	WLST was introduced but this will be available from 8.1 SP6	Here full Developed with MBean utility
11	Here Creation users & Roles Only way to create from console	Here we can upload those users and roles. this xml must be expressed in eXtensible Access Control Markup Language (XACML) 2.0.
12	This will not Support for SQL Server 2005	This Will support  SQL Server 2005
13	WebLogic Diagnostic Framework feature we don’t have in this version	Here we have this feature. With this feature we can do Application-scoped monitor, HttpSessionDebug, enables you to inspect an HTTP session object.
14	Not support for JMS Client-Side Store-and-Forward	Supporting Client-Side Store-and-Forward

Thanks
Babu