Difficulties setting up IDM v7.2 MC on Windows (IDM Server = Linux OS w/ Oracle)

Former Member
0 Kudos

I am having some issues linking the IDM Management Console to my IDM Server instance to start to add repositories/servers....

It looks as though the MC on the client workstation sees the server correctly but I am unable to login using the default MXMC_ADMIN system user id.  The sap lsnrctl service is running on the server....

Any help you can provide is greatly appreciated.

Accepted Solutions (1)

Former Member
0 Kudos

Found the answer!!!!!!!

I did not have the Environmental Variable TNS_ADMIN setup to point to my local oracle installation --

Also I did have to run the Windows ODBC Data Source Administrator odbcad32.exe from C:\Windows\SysWOW64\ and add the IDM.WORLD System Data Sources as it was completely Missing-in-Action.

Now I am facing some other issues in relation to security but we can file this mystery in the "Solved" category.

Now onto the other errors.... --- Key.ini file not the same as database ?

Upon selecting 'Next' after successful connection test...

So I guess my Keys.ini files are different?  What's the best way to approach this - copy over the keys.ini file from the database to local?  Problem is... I do not know where the file exists either on the server or locally.... Is this the best solution? or is there some other proper method to resolve?

Former Member
0 Kudos

I'd probably use the database one given it was installed with the database and should be correct.  Not sure where it is on linux/ora

On the windows server it should be in the sap idm directory - from memory in a folder called KEYS but it could be anywhere depending on who installed it.  Just search the HDD for keys.ini and you should find it.

Peter

keith_zhang
Active Participant
0 Kudos

Hello Andrew,

Below IDM security guide section 8.2 offers more detailed information for this:

http://service.sap.com/~sapidb/011000358700001223802010E

Hope it clarifies.

BR, Keith

Former Member
0 Kudos

Hi Andrew,

The Keys.ini file is generated when the Management console is opened for the first time after it is installed.

The Keys.ini file is very important as this is accessed by other components of IDM to encrypt the data when the components (Identity Management User Interface, the Virtual Directory Server and all runtime engines) communicate with each other.

Hence it has to be distributed to all the different servers where the different components of the system are installed.

"If the Keys.ini file does not exist when you start the Management Console, it will create the file containing a random key" @ <installation folder>\key\keys.ini

In your case,

Case 1: I believe you might have installed / uninstalled management console & run time components to troubleshoot in case of issues, because of which the previous Keys.ini file might be still existing. In this case, I suggest you to

  1. Uninstall the management console.

  2. Remove the keys.ini file. Re-install.

  3. Distribute the new key again to all the servers where the different IDM components are installed.

Case 2: You haven't installed the Management console properly. Keys.ini is generated but you forgot to distribute the Keys.ini file to the systems where the other IDM components are installed. In this case, I suggest you to

  1. Distribute the Keys.ini to the respective systems.

All the best !!

~ Krishna.

Former Member
0 Kudos

All,

I very much appreciate the replies, Keith thank you for the IdM Security Guide link… Referring to section 8.2 -

I found the Keys.ini file on my machine where I installed IDM MC in the following directory:

C:\usr\sap\IdM\Identity Center\Key

I cannot find the file at all on the IDM Server (Linux) – This is a brand new install we're trying to setup as a prototype (therefore we haven’t configured data repositories or anything else yet, I am simply trying to link the database to the MC at this point)

I tried copying the Keys.ini file from my local windows install to the IDM server @ /usr/sap/idm/identitycenter/KEY/ (The Security Guide does not give a specific path for linux Keys.ini file)

I had to make this folder “KEY” as it did not exist, and I manually created the Keys.ini inside it… yet I am still receiving the same errors as above when attempting to run MC and setup Dbase link….

Krishna,

I agree with your “Case 2” assessment of having to Distribute the Keys.ini into the respective systems because I am pretty sure my IDM MC was installed properly, however I am having issues in finding out exactly where this file should go in Linux.

As I see it right now my Windows IDM MC Workstation which I installed IDM on to interact with the Linux IDM Server is the only system which has a Keys.ini file….  If distribution of this file to all other systems is as easy as knowing which paths the file should be copied to I would need to know that path, is there some SAP IDM Server side actions I need to take to generate the file then distribute it from the server to the MC Clients, instead of from the Clients -> Server?

former_member2987
Active Contributor
0 Kudos

Andrew,

Look to where you installed the runtime on the Linux Server.  You can create a folder there.  Don't forget that this is case sensitive!

Matt

Former Member
0 Kudos

Matt,

I understand the SenSitIvIty of the case.   Page 32 of 42 of this file.

/usr/sap/idm/identitycenter/KEY/Keys.ini   was created on the Linux server - KEY/Keys.ini did not exist the rest of the path is legit for IDM Install.

former_member2987
Active Contributor
0 Kudos

Andrew,

Yep, that's where it goes.  Just be careful, if you also install VDS it will install to /usr/sap/IDM/...

This will cause a problem.

Matt

Former Member
0 Kudos

Matt,

Perhaps this is why it's not working....

I did create /usr/sap/idm/identitycenter/KEYS/Keys.ini       BUT

/usr/sap/IDM/ also exists.... (VDS Perhaps?)  but contains J00, SCS01, & SYS directories....

Same error as above still when creating /usr/sap/idm/identitycenter/KEY/Keys.ini 

terovirta
Active Contributor
0 Kudos

Do you have a SAP AS Java system whose system id is "IDM"?

regards, Tero

Former Member
0 Kudos

Tero,

Yes.   We are utilizing installation directions which identify installing IDM on a Linux architecture which guide through also ensuring installation of AS JAVA components.

Up to this point we have not seen or performed any installation instructions geared towards installing VDS, we simply want to install IDM as a new installation and link it to its own Oracle 11g database (which we have not even populated yet, we created the database but its empty).

Perhaps there is a miscommunication given that these two directories exist, both "idm" & "IDM" ??? Like I mentioned we have not performed any actions to install VDS....

1/8/2014 - 11:40AM (MST-AZ) - Just attempted to see if it would make a difference I replicated the *\KEY\Keys.ini structure in both "idm" and "IDM" directories.  Still receiving the same error related to Keys.ini file..

former_member2987
Active Contributor
0 Kudos

Andrew,

So you have an "idm" folder and an "IDM" folder?  Do they both have "keys" under them?

Matt

Former Member
0 Kudos

Matt,

Yes, both my "idm" [[ /usr/sap/idm/ ]] and "IDM" [[ /usr/sap/IDM/ ]] folders have KEY folders which contain identical Keys.ini files...

However, I manually created both the KEY folder & Keys.ini files which otherwise did not exist in either location.

I took the copy of Keys.ini which was created on my windows workstation upon installation of the IDM MC - which was located in "C:\usr\sap\IdM\Identity Center\Key" folder and replicated it to both paths mentioned above.

Prior to copying and replicating these files as mentioned above I searched the entire server in linux from Root for any Key* file and results returned no such existence of a Key.ini file created by the IDM installation....

former_member2987
Active Contributor
0 Kudos

Andrew,

The KEYS.INI will only be generated by IDM itself from the MMC console.  You are then responsible for distributing as needed. 

You'll need it whenever you setup a dispatcher on another server or if you implement VDS and it needs to connect to IDM.

Now that you've done this are things working better?

Matt

Former Member
0 Kudos

Matt,

No. still same errors, I even tried creating both "KEY/Keys.ini" and "Key/Keys.ini" without resolve.

The linux directions specifically state the case-sensitivity issue and that the path should be

defaultinstallpath/KEY/Keys.ini 

but on my local machine it's

defaultIDMMCinstallpath/Key/Keys.ini

So I took a chance and just created Key/Keys.ini and still same issue.

Perhaps the problem exists in that the server itself never generated a Keys.ini file only the client install of the management console did and I had to manually replicate that copy elsewhere.....??

EDIT:   Oh, sorry misread what you said Matt... I understand now I guess it's supposed to work that way with IDM MMC generating the Keys.ini file, yet even though I manually replicated it to the specific directories mentioned, I still get the errors??? hmm....

former_member2987
Active Contributor
0 Kudos

Andrew,

Did you check the permissions on the keys.ini file on the linux box?

Matt

Former Member
0 Kudos

Matt,

Well originally securities on Keys.ini were 648  (-rw-r--r--)  I adjusted to 777 (-rwxrwxrwx) and upon starting up IDM MC and going through the steps I still get:

Specify ADO Connection String = Used MXMC_ADMIN as login user

“Test Connection” button results in success!

Next >>>

Populate with MXMC_ADMIN and pass

Specify ADO Connection string for standard runtime engine = Used MXMC_RT as login user

“Test Connection” button results in success!

Next>>>

Specify JDBC URL for Java Runtime Engine = Used MXMC_RT as login user

Ensured using “Oracle Thin Driver”

Next>>

[[[FINISH]]]

Still get the error after the initial ADO Connection string several times but still allows me to proceed after the error... (which it let me do before changing permissions as well....)
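
Added example, not part of any post in this thread and not SAP code: a shell audit for the Linux side of what the replies above describe, listing every keys.ini copy regardless of case, checking that all copies are byte-identical, and flagging loosely permissioned copies and paths that differ only in case (idm vs IDM). The function names, the constructed sample tree and the permission policy (no group/world write, no world read) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not SAP code): audit every copy of keys.ini under a root.
# Assumption: a key file should not be group/world-writable or world-readable.

# List key files whatever the case of the file name (Keys.ini, KEYS.INI, ...).
find_key_files() {
    find "$1" -type f -iname 'keys.ini' 2>/dev/null | sort
}

# Number of distinct SHA-256 digests among the copies; 1 means all identical.
distinct_key_digests() {
    find_key_files "$1" | while IFS= read -r f; do
        sha256sum "$f" | cut -d' ' -f1
    done | sort -u | wc -l | tr -d ' '
}

# Copies whose mode lets group or others write, or others read (e.g. 777).
loose_key_files() {
    find "$1" -type f -iname 'keys.ini' \
        \( -perm -020 -o -perm -002 -o -perm -004 \) 2>/dev/null | sort
}

# Lower-cased paths that occur more than once, i.e. copies whose paths differ
# only in case (".../idm/..." next to ".../IDM/...").
case_collisions() {
    find_key_files "$1" | tr '[:upper:]' '[:lower:]' | sort | uniq -d
}

# Constructed sample tree: three copies, one with different content, one 777.
demo_tree() {
    d=$(mktemp -d)
    for p in idm/identitycenter/KEY IDM/identitycenter/KEY idm/identitycenter/KEYS; do
        mkdir -p "$d/$p"
        printf 'constructed-placeholder-key\n' > "$d/$p/Keys.ini"
        chmod 600 "$d/$p/Keys.ini"
    done
    printf 'constructed-other-key\n' > "$d/idm/identitycenter/KEYS/Keys.ini"
    chmod 777 "$d/IDM/identitycenter/KEY/Keys.ini"
    echo "$d"
}

# Report for the directory given as the first argument, if any.
if [ -n "${1:-}" ]; then
    echo "copies:";            find_key_files "$1"
    echo "distinct digests:";  distinct_key_digests "$1"
    echo "loose permissions:"; loose_key_files "$1"
    echo "case collisions:";   case_collisions "$1"
fi
```

Run it with the installation root as the only argument; a digest count above 1 means the distributed copies have drifted apart.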

Former Member
0 Kudos

When I seek out the Advice of the error messages in looking to upgrade the database from 7.1 to 7.2 I found this documentation:

http://scn.sap.com/docs/DOC-4346#comment-444068

SAP NetWeaver Identity Management Identity Management for SAP System Landscapes Upgrading from Identity Management 7.1 to 7.2

But when I go to page 19 where-in it discusses migration of Oracle database on Unix it refers extracting a zip file, furthermore it explains all scripts and files required are obtained via "The Accompanying Zip file" but no mention of any accompanying zip file or where to obtain it from, or even a filename for which to google....

Anyone know if I am on the right track to perform the Oracle database upgrade via the document, or where to get this mysterious zip file from?

I also commented on the authors page about the PDF in hopes of obtaining a reply...

Former Member
0 Kudos

Hi,

This ZIP-file is also available from the SCN:

http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/3070bc70-e6d6-2e10-da90-fac8e55d0...

Regards,

Rannveig Østevik

Senior Info Developer SAP NW IdM

former_member2987
Active Contributor
0 Kudos

Yeah, I've seen this before.

Double check all of your installs and make sure you have installed the exact same version of the Designtime and Runtime on their respective systems.  Then make sure that the database is patched to the same level.  You'll also need to regenerate your dispatchers.

You should not have to do anything with the KEYS.INI during this process.

Matt

Answers (4)

Former Member
0 Kudos

The issues with the Database were resolved when performing updates on Oracle Dbase.  The Key.ini error still exists intermittently but we are able to progress through the steps with it, has not displayed itself as an error, all INI files on clients and server are identical.

Continuation of this thread exists with new issues pertaining to MxService.exe errors when trying to setup dispatcher - link: 

Former Member
0 Kudos

If you open the local Net Configuration Assistant on the MMC host and test the connection from there, does it connect to the Oracle host? The Oracle OLEDB config just lists the content of the tns config file and does not indicate any connection to the server or that the local listener is configured correctly.

Br,

Per Christian Krabsetsve

Former Member
0 Kudos

Per,

I can't seem to find the "Net Configuration Assistant"   - I am looking at the URL below for guidance in finding the executable...

http://docs.oracle.com/cd/B10500_01/network.920/a96580/admintoo.htm#483509

The only thing listed is "Microsoft ODBC Administrator" which I find odd because I installed the Oracle Thin Client for 11g?

I can however find the TNSNAMES.ORA file in C:\app\USERNAME\product\11.2.0\client_1\Network\Admin\Sample\  but when I look at it, it shows:

alias =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = myserver.mycompany.com)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl)
    )
  )

Which is the same as the sample commented supplied info - I have altered it to utilize the correct syntax/conventions yet still receive the error.

Former Member
0 Kudos

It definitely appears to be an oracle connection problem, rather than IDM.  Check services, name resolution, firewalls and so forth

Peter

Former Member
0 Kudos

If I proceed through the connection setup prompts without choosing "Test Connection" I get the following IDM Login screen which leads me to believe that the system is awaiting inquiries from clients.....  But, inputting the same login credentials ends up showing the same TNS:no listener error as above...

terovirta
Active Contributor
0 Kudos

If the connection test fails then MMC cannot connect to your IdM DB on Oracle. Does the connection work from SQLPlus from the same computer that you're running MMC? If it does then I suspect the OLEDB for Oracle driver you're using is at fault/wrong one.

The connection details are stored in file so MMC normally doesn't prompt for any usernames and passwords as you don't access MMC (normally) with your own login details.

Are you using an Oracle DB that has been installed with SAP's installers or is instance that is shared with AS ABAP or AS Java systems?

regards, Tero

terovirta
Active Contributor
0 Kudos

Andrew Petrola wrote:

If I proceed through the connection setup prompts without choosing "Test Connection" I get the following IDM Login screen which leads me to believe that the system is awaiting inquiries from clients..... 

At that point system is not awaiting inquiries as the installation is not yet complete. You must first get the MMC to connect to DB, next import the SAP Provisioning Framework to MMC which will give you the technical means to connect IdM to SAP systems, next define/install dispatcher service (the run-time process), then you can create the repositories and are half way there to provision to target systems.

former_member2987
Active Contributor
0 Kudos

Tero,


I think you're on to something here.  Andrew, which driver are you using? I'm pretty sure it's the thin driver.

Can you connect from that desktop using another tool such as Toad, Squirrel, or the Oracle SQL Developer?

Matt

Former Member
0 Kudos

Tero,

I am successful with connecting via SQLPlus from the same PC that I am running the MMC.

We're utilizing Oracle11g w/ Linux OS and I downloaded the following Oracle client installation.

ODAC112021.zip  -  and installed as shown below:

Former Member
0 Kudos

I slowly learned much of that while overlooking the default documentation from   -- I even looked at the default documentation for setting up the connection to DB and ensured I was performing the correct actions, yet for some reason I still get this strange error...