Saturday, October 7, 2017

Cannot read the default policy store. config/fmwconfig/work/AdminServer/policyA/mac Permission denied

Cannot read the default policy store. config/fmwconfig/work/AdminServer/policyA/mac (Permission denied)

 

OIM Weblogic Admin Server Failed to start with below error. Sometimes, Admin server may start but the managed server may FAIL to Restart, with similar errors.

<Notice> <Log Management> <BEA-170019> <The server log file /u01/app/oracle/product/fmw/user_projects/domains/oim_domain/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.>

Dec 10, 2017 2:04:16 AM oracle.security.jps.az.internal.runtime.service.PDPServiceImpl oracle.security.jps.az.internal.runtime.service.PDPServiceImpl

SEVERE: Cannot read the default policy store.

oracle.security.jps.service.policystore.PolicyStoreException: java.io.FileNotFoundException: /u01/app/oracle/product/fmw/user_projects/domains/oim_domain/config/fmwconfig/work/AdminServer/policyA/mac (Permission denied)

at oracle.security.jps.az.internal.runtime.pd.receiver.FileCacheHelper.writeStateCheck(FileCacheHelper.java:241)

at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

Caused by: java.io.FileNotFoundException: /u01/app/oracle/product/fmw/user_projects/domains/oim_domain/config/fmwconfig/work/AdminServer/policyA/mac (Permission denied)

at java.io.FileOutputStream.open(Native Method)

at java.io.FileOutputStream.<init>(FileOutputStream.java:221)

at java.io.FileOutputStream.<init>(FileOutputStream.java:171)

at oracle.security.jps.az.internal.runtime.pd.receiver.FileCacheHelper.writeMac(FileCacheHelper.java:633)

at oracle.security.jps.az.internal.runtime.pd.receiver.FileCacheHelper.writeMac(FileCacheHelper.java:606)

 

Resolution:

-         Change permission of the file from root to oracle (or the application owner)

-         $ chown oracle:oracle /u01/app/oracle/product/fmw/user_projects/domains/oim_domain/config/fmwconfig/work/AdminServer/policyA/mac

-         Also remove (backup) the stage, data, tmp and cache folders from AdminServer. Do the same for managed servers if they were started as well, following the Adminserver startup with root user

-         Restart the Admin and managed servers

Cause:

-         It appears the Admin server was started using root user

No comments:

Post a Comment