Skip to main content

Unable to Open Log and Output file in the Browser in Oracle Apps EBS

Unable to Open Log and Output file in the Browser in Oracle Apps EBS



Error:

We have seen this issue very recently in our EBS instance where users were not able to open Log & Out files in browsers in our EBS R12.2 instance. The browser page was showing a blank page. The below process was followed to troubleshoot and fix the issue ASAP.



“FS Diagnostic Test Program” is usually used to Troubleshoot FNDFS and FNDWRR (Problems Viewing Concurrent Request Output. When we ran this diagnostic program, it gave us the below error:

Issue:

The main focus was on FNDWRR.exe and its affiliated files at the server end to see for any changes and it was finally located that txkFNDWRR.pl perl file under $EBS_ORACLE_HOME/common/scripts/ was showing up as a NULL size file.

The same file was showing up as a NULL file in Non-Production instances too. As a quick solution,  this file was copied from Patch Edition to Run Edition under $EBS_ORACLE_HOME/common/scripts/ which resolved the issue for users.

As the issue happened in all non-production and production instances at the same time, which means it was not done manually by any Apps DBA, so it was very critical to find the root cause ASAP. The main focus was on the access log of EBS Apache to verify what all activities happened at the exact time when the txkFNDWRR.pl perl file was updated and here is the code snippet from the access log:

<IP ADDRESS> - - [31/May/2023:11:23:31 -0500] "POST /OA_HTML/BneViewerXMLService;.js?bne:uueupload=TRUE HTTP/1.1" 200 184
<IP ADDRESS> - - [31/May/2023:11:23:31 -0500] "GET /OA_CGI/FNDWRR.exe HTTP/1.1" 200 12
The connection was coming from an external isupplier node.

“bne” refers to WebADI in Oracle EBS and the “uueupload=TRUE” option in a command or script specifies that the file is being uploaded or transferred in encoded uuencode format and is a kind of a signal to the server that the file should be decoded using the uuencode format before being stored on the server.


Solution:

As soon as we located that the txkFNDWRR.pl file was targeted using the above WEBADI vulnerability, we locked this file so that only the super user (root) can modify this file and no EBS application is impacted. (Note: we had already verified that there was no other files changed on the server besides this file)

Set the "immutable" attribute
# chattr +i txkFNDWRR.pl

To remove the immutable attribute
# chattr -i txkFNDWRR.pl

To see the current attributes 
# lsattr txkFNDWRR.pl

-------------e--- txkFNDWRR.pl

Please note that this file txkFNDWRR.pl is modified by ADOP/Autoconfig so you can’t keep it locked or else ADOP/Autoconfig will fail.


Or 

Apply Oct-2022 Security patches for EBS R12.2 or apply a small one-off WebADI Patch 34436371.

Or 

Disable WebADI Access from the External Application Tiers in your DMZ by Configuring the URL Firewall

This can be done by following “Section 7.5: Configuring the URL Firewall” of the below Doc ID:

Oracle E-Business Suite Release 12.2 Configuration in a DMZ (Doc ID 1375670.1)

1.) Create master url_fw.conf file in both RUN and PATCH Edition
On your iSupplier Node, Create master url_fw.conf file and unblock all the isupplier products you are using. Below WEBADI/BNE access must be blocked from the External node. The following lines in the [ url_fw.conf ] need to be commented out. The hashtag (“#”) at the beginning of the line accomplishes this.

#================================================================
#Include URLs for SSHR (Self Service Human Resources)
#================================================================
#RewriteRule ^/OA_HTML/BneApplicationService$ - [L]
#RewriteRule ^/OA_HTML/BneViewerXMLService$ - [L]
#RewriteRule ^/OA_HTML/BneDownloadService$ - [L]
#RewriteRule ^/OA_HTML/BneUploaderService$ - [L]
#RewriteRule ^/OA_HTML/BneTemplateService$ - [L]
#RewriteRule ^/OA_HTML/BneTemplateRedirectService$ - [L]
2.) Create a custom auto-config template url_fw_conf_FMW.tmp for url_fw.conf. This is needed so that auto-config/ADOP does not overwrite it. Put this template under $FND_TOP/admin/template/custom
You can run $AD_TOP/bin/adchkcfg.sh to verify if the template is getting picked.

3.) Modify CONTEXT_FILE in iSupplier node (both RUN and PATCH)

REPLACE
<urlfirewall oa_var="s_enable_urlfirewall">#</urlfirewall> 
BY
<urlfirewall oa_var="s_enable_urlfirewall"/>
4.) Stop the Application, Run Autconfig on External and Internal Nodes, and Start Application.








If you like please follow and comment
Labels:

Comments

Post a Comment

Popular posts from this blog

WebLogic migration to OCI using WDT tool

WebLogic migration to OCI using WDT tool Oracle WebLogic Deploy Tool (WDT) is an open-source project designed to simplify and streamline the management of Oracle WebLogic Server domains. With WDT, you can export configuration and application files from one WebLogic Server domain and import them into another, making it a highly effective tool for tasks like migrating on-premises WebLogic configurations to Oracle Cloud. This blog outlines a detailed step-by-step process for using WDT to migrate WebLogic resources and configurations. Supported WLS versions Why Use WDT for Migration? When moving Oracle WebLogic resources from an on-premises environment to Oracle Cloud (or another WebLogic Server), WDT provides an efficient and reliable approach to: Discover and export domain configurations and application binaries. Create reusable models and archives for deployment in a target domain. Key Pre-Requisites Source System: An Oracle WebLogic Server with pre-configured resources such as: Applica...
Post a Comment
Read more

How to Validate TDE Wallet Password in Oracle Database

How to Validate TDE Wallet Password in Oracle Database Validating the Transparent Data Encryption (TDE) wallet password is crucial, especially when ensuring that the password is correct without using the OPEN or CLOSE commands in the database. This blog post explains a straightforward method to validate the TDE password using the mkstore utility. Steps to Validate TDE Wallet Password Follow these steps to validate the TDE wallet password: Step 1: Copy the Keystore/Wallet File Navigate to your existing TDE wallet directory. Copy only the ewallet.p12 file to a new directory. If a cwallet.sso file exists, do not copy it . The absence of cwallet.sso ensures that the wallet does not use auto-login, forcing the utility to prompt for the password. Step 2: Validate Using mkstore Use the mkstore utility to check the contents of the wallet file. The mkstore utility will prompt you for the TDE wallet password, allowing you to validate its correctness. Command Syntax To display the conten...
Post a Comment
Read more

EBS 12.2 ADOP Interview Questions With Scenarios

EBS 12.2 ADOP Interview Questions With Scenarios Note: Check the patch cycle log is important to fix any issues.  Location: $ADOP_LOG_HOME Useful Adop Commands Click here 1.What is ADOP concept in oracle apps Online patching is the most important new feature in Oracle E-Business Suite Release 12.2. It is the ability to patch a running system without having to take the system down for a significant period of time while the patches are applied. 'adop' is the utility we use to apply patches in R12.2 2.What is PATCH_TOP directory in R12.2 In R12.2 there is a new directory location environment variable called $PATCH_TOP which points to $NE_BASE/EBSapps/patch $NE_BASE points to <Non-Editioned-filesystem-directory> Download the patch into the patch top directory and unzip it. This is the default location where the adop will look for patch files. If you are planning to put patches in non-defualt location then you need to use adop parameter 'patchtop=<patch_path>' to...
Post a Comment
Read more