If Observed the GC time is Very Long.

Suppose if we dont have an option to decrease the Heap Memory then we can even think of adjusting
the -XX:MaxNewSize (in JDK1.3 and JDK1.4) or -Xmn (new name of Young Generation flag from JDK1.4
onwards). Increasing the -Xmn (Young Generation Area) helps in scenarios where the Application
creates short living objects (less caching Applications). Because it inceases the time of minor GC, most of
the application objects dies early.

Full GC Is Happening Very Frequently?

Similarly If we dont require a very frequent RMI garbage collection then we can use the JVM Option: –
Dsun.rmi.dgc.client.gcInterval=1800000 …… It means now the Explicit RMI Garbage collection will
happen in 30 Minutes.

OutOfMemoryError: unable to create new native thread?

Many applications which creates a lots of Threads which requires less memory for their local variables,
still the JVM allocates a large memory StackSize for those threads…so after a certain number of thread
creation JVM will not be allocate some more space for new Thread creation.

How To Preserve Memory ?

. We must disable loading some libraries in the memory of JVM if our application does not require them.
Like if our Application does not require the JVMs Graphic Library then in that case we must diasble
loading of Graphic libraries using the JVM Option “-Djava.awt.headless=true”

HTTP tunneling

Lam Diengdoh If you want to use HTTP tunneling (wrap every message in HTTP to get through a
firewall), you need to add TunnelingEnabled="true" into your &lr;ver> definition in the config.xml file or
check the appropriate box on the console. Then use a URL like http://localhost:7001 instead of
t3://localhost:7001 for Context.PROVIDER_URL when getting your InitialContext. If you want HTTP
tunneling with SSL, use https://localhost:7002 (where https uses HTTP tunneling with SSL and 7002 is
the secure port that you configured). You will pay a performance penalty for doing this, so only use
tunneling it if you really need to (i.e., need to go through a firewall)
1_Update the cert my_managed_server01 (private key *.jks and the new cert
file *.cer is already created and copied it to the certs directory)

cd /opt/bea/domains/MyProdDomain/certs

Execute below command to import the key

keytool -import -alias mykey -file my_managed_server01.techpaste.com.cer -keystore

my_managed_server01.jks -storepass importkey

2_logon to http://Adminserver01:7001/console
-go to Environment > Servers > my_managed_server01 > Configuration >SSL

-update “Private Key Alias:” to mykey if different name is there already.

SSl expiry date

keytool -list -v –keystore

Secure Sockets Layer (SSL) provides secure connections by allowing two

applications connecting over a network connection to authenticate the other’s identity
and by encrypting the data exchanged between the applications. Authentication
allows a server and optionally a client to verify the identity of the application on the
other end of a network connection. Encryption makes data transmitted over the
network intelligible only to the intended recipient.
It provides transport level security by usage of the SSL certificates which are provided by the
Industry standard Certificate Authorities like Verisign, GeoTrust, GoDaddy etc.
WebLogic Server supports SSL on a dedicated listen port which defaults to 7002. To establish an
SSL connection, a Web browser connects to WebLogic Server by supplying the SSL listen port and
the HTTPs protocol in the connection URL, for example, https://myserver:7002.
The below post describes the complete procedure about procuring the certificate, installing and
configuring the certificate to the WebLogic Server. (WebLogic SSL Configuration).

1: Generating and procuring the certificate:

a: Open a command prompt and set the environment by running the setDomainEnv script.
b: Generate the private – public key pair. For demonstration we would use keytool java utility to do
so. However we can use other utilities like openssl etc.
keytool -genkey -alias client -keyalg RSA -keysize 2048 -keystore identity.jks -
storepass password -keypass password
c: Generate a Certificate Signing Request (CSR) and send it to Certifying Authority.
keytool -certreq -keyalg RSA -keysize 2048 -alias client -file certreq.csr -keystore
identity.jks -storepass password
The CA would return with the certificate reply and the RootCA and sometimes an intermediateCA
certificate.

d: Import the certificates into the keystore, this can be done in two ways either by importing the
certificates in an order of RootCA, intermediateCA and then Certificate reply. Or we can create a
certificate chain clubbing them in an order into a .pem file.

For demo, we would create a certificate chain file CertChain.pem and import it into the identity
keystore overriding the private key alias which is client in this example.
keytool -import -file CertChain.pem -alias client -keystore identity.jks -storepass
password
e: Create a trust keystore, this can be done my importing your RootCA certificate into another
keystore that constitutes the trust.
keytool -import -file rootCA.cer -alias RootCA -keystore trust.jks -storepass
password
To verify the contents of the keystore, you can use the below command,

Keytool –list –v –keystore <keystore-name> -storepass <keystore-password>

2: Configuring the keystore on the WebLogic Server.

a: Log into the Admin Console, select the server on which you want to configure the SSL certificate.

Server –> Click on the Keystore tab. By default it points to the Demo Certificates.

From the dropdown list select the “Custom Identity and Custom Trust” option.
Enter the identity and trust keystore details.
b: Configure the identity of the server:

Click on the SSL tab and enter the alias of the private key i.e. client in this case and the keypass
password.

NOTE: If you enable the SSL for a WebLogic Server, by default it would be One Way SSL. If you
want to change to Two Way SSL, you would require to select the two way SSL behavior from the
Advanced option list.
c: Configure the SSL port.

By default it would be 7002.

Go to server –> General tab –> Specify and enable SSL port.

You can see the below messages in the server logs which indicate that the certificates are loaded.
<Notice> <Security> <BEA-090171> <Loading the identity certificate and private
key stored under the alias client from the JKS keystore file
C:\Wonders\WebLogic\Security\SSL-Certs\Verisign\identityVerisign.jks.>
<Notice> <Security> <BEA-090169> <Loading trustedcertificates from the JKS
keystore file C:\Wonders\WebLogic\Security\SSL-Certs\Verisign\trustVerisign.jks.>

3: Test the setup:

You can test the setup by accessing the admin console (if SSL is configured for Admin Server) or
any application deployed on the server by accessing it on https protocol.
https://localhost:7002/console

Now verify whether the right certificate is configured or not.

Click on the certificate details and you would find the details about the identity and the RootCA along
with the certificate chain.
NOTE: For a production environment make sure that CN (Common Name) of the certificate matches
with the server host name.
You can also use self signed certificates or trial certificates for testing purpose. However is it not
recommended to use them in production environment.

You can get the Verisign trail certificates from the below link.

3_ Restart SSL on the console

-go to Environment > Servers > my_managed_server01 > Control > Restart
SSL (do not restart anything else)

When we deploy web applications on the weblogic server, there are some common errors seen on
the admin console while activating changes. These errors are usually not resolved even after restart
of the server. Few of the issues are as below:
1) <Error> <Console> <BEA-240003> <Console encountered the following error
weblogic.management.DeploymentException: [Deployer:149189]Attempt to operate ‘distribute’ on null
BasicDeploymentMBean for deployment portalTramitsServeisEAR. Operation can not be performed
until server is restarted.
– This may be resolved by running statd() and lockd() processes on every NFS client that accesses
a remote NFS volume.

– If different servers (sharing the same domain root) are started with different user Ids of same
group, set the correct “umask” for the server process so that the file created by one server can be
opened for read/write by the other server without security exceptions. Eg: “umask 002”.

Workaround for this issue:

1. Click on Lock and Edit.
2. Go to deployments.
3. Click to install the web-app.
4. After installing (any staging mode), click on Activate changes. At this time, you will see the error
as mentioned above.
5. Now click on Activate Changes again.
6. Click on Lock and Edit.
7. Click on Undo All Changes.
8. Click on Lock and Edit and install the app again.
9. This time it succeeds.

2) javax.xml.transform.TransformerFactoryConfigurationError: Provider
org.apache.xalan.processor.TransformerFactoryImpl not found
at javax.xml.transform.TransformerFactory.newInstance(TransformerFactory.java:108)
at weblogic.management.provider.internal.ConfigReader.convert(ConfigReader.java:100)
at weblogic.management.provider.internal.ConfigReader.<init>(ConfigReader.java:71)
at weblogic.management.provider.internal.ConfigReader.<init>(ConfigReader.java:65)
at
weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService.handleConfigTree
Load(RuntimeAccessDeploymentReceiverService.java:961)
at
weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService.updateDeployment
Context(RuntimeAccessDeploymentReceiverService.java:581)
at
weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doUpdateDeploym
entContextCallback(DeploymentReceiverCallbackDeliverer.java:133)
at
weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.updateDeployment
Context(DeploymentReceiverCallbackDeliverer.java:27)
– When the application is already deployed on the server, any change made through the console
throws this error. Suppose the application is deployed on the managed servers, when the servers
are running and the application is active, the changes cannot be activated. The workaround for this
is to shutdown the managed servers and make any changes. But this is not acceptable in the
production environment.

Solution :
1- Undeploy the application. Shutdown the servers.
2- Add xercesImpl.jar, xalan.jar, serializer.jar, xml-apis.jar and xsltc.jar libraries in classpath.
3- In the application, place the file xalan.jar, xercesImpl.jar and xml-apis.jar in the war file i.e web-
inf/lib directory, then set prefer-web-inf-classes to true in weblogic.xml as:
<container-descriptor>
<prefer-web-inf-classes>true</prefer-web-inf-classes>
</container-descriptor>

4- Set the following start-up flags in the JAVA_OPTIONS:

-Djavax.xml.parsers.SAXParserFactory=weblogic.xml.jaxp.RegistrySAXParserFactory
-Djavax.xml.parsers.DocumentBuilderFactory=weblogic.xml.jaxp.RegistryDocumentBuilderFactory
-Djavax.xml.transform.TransformerFactory=weblogic.xml.jaxp.RegistrySAXTransformerFactory
– Restart the servers, deploy the application again, and check if the issue still persists.

<BEA-290071> <Deployment service servlet failed on parsing the request or uploading the file>
Use the following java option

-Dweblogic.deploy.UploadLargeFile=true

Unable to access the selected application.

Exception in AppMerge flows’ progression
Exception in AppMerge flows’ progression
VALIDATION PROBLEMS WERE FOUND problem: cvc-complex-type.2.4a:
You need to update your web.xml namespace declaration.

http://docs.oracle.com/cd/E21764_01/web.1111/e13712/web_xml.htm#i1039990

You get the following exception when jsp size is huge.

too large for try statement

Use the following JVM Option

-Dweblogic.jsp.noOptimization

Getting following error at the time of deployment.

Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Logger

Apply Patch 16038283 and excluding classes which are not used as beans by editing the beans.xml
file.
If the issue is still not resolve please get in touch with Oracle Support.

Thread pool

There are two ways to achieve this. One way is by using a JVM startup
argument and the other way is by editing the config.xml file.
1) Using a JVM startup argument to specify the self-tuning thread pool size

To set a minimum thread pool size, add the following JVM startup argument to
JAVA_OPTIONS in the WLS startup script.

-Dweblogic.SelfTuningThreadPoolSizeMin=<value>

To set a maximum thread pool size, add the following JVM startup argument:

-Dweblogic.SelfTuningThreadPoolSizeMax=<value>

2) Manually Editing config.xml for tuning self-tuning thread pool size

Add the following<self-tuning-thread-pool-size-min>and<self-tuning-thread-

pool-size-max>tags as shown below in config.xml for all server instances to
set the min and max values for the self-tuning thread pool. In the following
snippet, we have taken 100 as the min value and 200 as the max value, but
you can set it to whatever value that suits your environment.

<server>

<name>TestServer</name>

<self-tuning-thread-pool-size-min>100</self-tuning-thread-pool-size-min>

<self-tuning-thread-pool-size-max>200</self-tuning-thread-pool-size-max>

...

</server>
NOTE: If you set the values in both the JVM arguments and config.xml, the
values in the JVM arguments will overwrite the values you defined in
config.xml.

1. Step 1. Install Tomcat and verify that it is working properly

2. Step 2. Install Apache and verify that it is working properly
3. Step 3. Shutdown both Apache and Tomcat
4. Step 4. Install the mod_jk rpm file
5. Step 5. Edit the configuration files, httpd.conf, mod_jk.conf,
workers.properties, server.xml
6. Step 6. Start Tomcat
7. Step 7.Start Apache
8. Step 8.Verify that everything works

Default HTTp sesson is 30MIN (we can configure in web.xml file)

Eden Space (heap): The pool from which memory is initially allocated for most objects.

Survivor Space (heap): The pool containing objects that have survived the garbage collection of the Eden
space.

Tenured Generation (heap): The pool containing objects that have existed for some time in the survivor
space.

Permanent Generation (non-heap): The pool containing all the reflective data of the virtual machine
itself, such as class and method objects. With Java VMs that use class data sharing, this generation is
divided into read-only and read-write areas.

Code Cache (non-heap): The HotSpot Java VM also includes a code cache, containing memory that is
used for compilation and storage of native code.

The second option we can use to produce higher throughput is to garbage

collection. We can roughly divide GC algorithms into 2 categories:
parallel and concurrent. Parallel GC stops the execution of all the
application and performs the full GC, this generally provides better
throughput but also high latency using all the CPU resources during GC.
Concurrent GC on the other hand, produces low latency but also low
throughput since it performs GC while application executes. The JRockit
JVM provides some useful command-line parameters that to control of its
GC scheme like -XgcPrio command-line parameter which takes the following
options;

XgcPrio:pausetime (To minimize latency, parallel GC)

XgcPrio:throughput (To minimize throughput, concurrent GC )

XgcPrio:deterministic (To guarantee maximum pause time, for real time systems)

Sun JVM has similar parameters (like -XX:UseParallelGC or

-XX:+UseConcMarkSweepGC) to control its GC scheme. We can add -verbosegc
-XX:+PrintGCDetails to monitor indications of a problem with garbage
collection.

Try configuring JVM’s of all managed servers to execute in -server mode

to ensure that it is optimized for a server-side production environment.