About Me

My photo
I work for Fusion5 Australia . Connect with me on linked in here . I'm raising money for a good cause at the moment, follow donate to leukemia foundation

Thursday, 15 February 2018

JD Edwards - JDE and the bot - your turn to play!

Want to know how easy it is to use voice and JDE?

This is it!

Purchase order approvals:

This is a sample PO approval conversation

You can talk to our bot about JDE.

For instance, ask it if you have any purchase orders to approve today?

You can then ask it, tell me about the second one (or 6th or 12th)

You can ask it to approve that order, it will prompt you for a reason - and it's done.

Meter readings:

This is a sample Meter Reading update

What is the current meter reading for yellow digger?
add 4 to that.

Job done...

These are very simple interactions that we can enable for you and your  installation of JDE.  This is using the power of AIS (or/and orchestration) if you like to create real-time integrations with JD Edwards.

Not only does this bot do what you ask, but it learns from your interactions.  We can also teach it how to react to certain requests.

Wednesday, 31 January 2018

Setting up security for Orchestration Studio 6.0

Let's fix UDO security for orchestration notification button

Cannot add orchestration

Also cannot see the notifications button...

Make sure that you have these UDC's, the list below is correct for 9.2
I was able to change the security setting below for NTF
Security before:

Clear cache from SM
Reset the cache (JDBj) via server manager


Great, now I can add notifications!

Let's fix the security for orchestration now.

Above can now be chosen
Create UDO action security for NTF, SCHEDULE and ORCH


Should look like below

Now we can add a new orchestration!

imageNow lets download some samples to view what we need to orchestrate
Note that there is a download type of EnterpriseOne Orchestrator

Now goto tools menu from orchestration login

Import files, hit the BIG brown button

Save the par files and rename them to zip files.


Choose the file from the downloaded items


It shows you the included operations, note that these include orchestrations and service requests

Nice, we can now choose to edit the components

We can also see all of the edit controls, because our UDO security is correct

Sharing orchestrations

I’ve been developing some orchestrations and am having a great time, no honestly.  There is so much power and so much productivity that you can implement using orchestration.  Notifications and subscriptions (although a little clunky) are also very cool.  I’ll do a bunch of blogging in this area, as it’s very cool.

But, let’s focus on a little issue I have.

I’ve been testing JD Edwards transaction processing (TP), locking and reservations using HTML, AIS and orchestration.  This involves different users and often different users trying to run the same code.

I WAS logging into the orchestrator and exporting my zip files and then importing with another user.  This is nice and easy, but not the correct way of doing things.

When calling with the alternate user, I get

{   "message" : "Endpoint not defined: POandVoucherCombo. Add the orchestration, or make sure it is shared to this user.",   "exception" : "java.lang.Exception",   "timeStamp" : "2018-01-31:02.28.59"

Method 1: save and restore:


Login to orchestration studio as user that created the orchestration.

edit the orchestration

Choose the export button, then ALL (this will include the rules and service requests and everything).



Find the tools exit and choose import


Easy, choose the zip file that you created and you are away


Note they exist for me.  If they did not – just tick the box and choose submit!

Method 2: Fix security – share the UDO

run P98220U


You’ll see orchestrations of various status

The orchestration that I’m dealing with is below, note that I’ve already selected the publish button.  My only options now are to reserve it so that I can publish it again.


Note that if I select reserve


The P9822OU changes immediately to editing


Let’s hit the request



And now it’s pending in JDE


How cool, the comments are in the MO – love it!


Lets share this awesome orchestration


Easy!!! – shared with public!


Unless you have it reserved, you cannot use it in the client:


So, you need specific security for the UDO to be able to run and see the shared orchestration

From P98220U


Now choose the “Revise View Security” tab


Enter the user names to share to and click SAVE (unlike me)


And now!


{   "message" : "ServiceRequest P0411OpenAndUpdateLedger.xml := java.io.IOException: P0411OpenAndUpdateLedger Not Found.  Check permissions of the UDO.",   "exception" : "java.lang.Exception",   "timeStamp" : "2018-01-31:03.04.48"

Okay, at least I get a different error now, this is a service request security problem, not orchestration problem.  I can fix that with all of the above mechanisms.

Tuesday, 30 January 2018

Error Error: Login Failed User is not included in the AIS server White List, contact your server administrator

I just created a new user, essentially GOD in JDE.

but it gets the following error when trying to log into the orchestration suite:

Note that it does not get this error when logging into the orchestration client (directly to AIS), so the error is a little bit strange!

A quick check of support.oracle.com shows me an error found in - great -that is our release.

go here:  https://support.oracle.com/epmos/faces/DocContentDisplay?_afrLoop=249178588426576&id=2040956.1&_afrWindowMode=0&_adf.ctrl-state=10h8xp9h9n_145

Funny thing is that is works as JDE, but not as another user.  So I decided to follow the following option2 (as option 1 was for windoze).

Option 2:
a. take a backup of the config.xml file found in the 'WebLogic_home\user_projects\domains\AISDomainLocation\config' directory
b. add the '<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>" entry to the config.xml just before the closing
tag of the Weblogic Server domain:


backup your config.xml file from you domain home config dir

[oracle@ip-10-10-1-235 config]$ cp config.xml confix.shannon.xml
[oracle@ip-10-10-1-235 config]$ pwd

vi this file and add the line in bold


Note that I had my AIS server, ADF and everything under the same home.  So I do not need to do this multiple times for multiple config.xml's

The fact that I get this problem with orchestration studio, means that I need to restart 9401, but I'll probably do my AIS server also.

Okay, so none of that made any difference.  It seems that you need to add this to the AIS server config for allowed users...

Change the SM view to advanced, then general.

Admin Service Allowed User List Help

Once I did this and synchronised rest.ini, then stopped and then started...  

We finally could login as another user.

Monday, 22 January 2018

Transaction processing & locking in JDE

“To lock or not to lock” – that is the question!

To say that JDE does not do any locking is not quite true…  It calls the database functions that do the locking, so it does have a lot of responsibility in this.

Let’s look at a simple scenario, SOE and stock commitment…  Wait, that is not simple at all – but it’s understandable!

We have a person entering a sales order.  We know that this goes across a number of screens in JDE -

We know that this adds records to a number of tables

We want integrity in our database

We do not use fancy things like foreign keys – we use application logic to enforce transactional boundaries and we use database agnostic manual commits.

There are two things at play here though…  Locking and transaction processing…  They work together but are not necessarily the same time.


Let’s look at locking by itself.  I’m using a lot of information from here https://docs.oracle.com/cd/E24705_01/doc.91/e24234/record_locking.htm#EOTBF00095

I’m also reaching back to when I was programming and before JDE in C…  dark repressed memories.

In the scenario of SOE, we don’t really want to lock anything, as they are really new lines being added to a bunch of tables.

We do however want to lock the inventory for the orders so that there is enough to fulfill the order – so this is the lock we are talking about

We want to select for update over the F41021 (?) so ensure that we have enough inventory and then update when the order is committed.

JD Edwards does locking in two ways, optimistic and pessimistic.

optimistic is half glass full locking.  This is where you do not expect any problems, but if there are – you have a solution.  This involves manually checking timestamps and things…  If there is a situation, deal with it then.

pessimistic is where you ensure that there is never going to be a conflict – coz you’ve prevented it in the first place.  You are selecting the record for update (i.e. selecting the current stock levels)  and then you update when you are ready and the lock goes away.  Note that this is different to including the update in a transaction (with your inserts into the F4201 and F4211 – as they are naturally going to lock the record that is in the transaction boundary)…  See how they are the same but different.

Transaction Processing.

As demonstrated above, TP actually enforces pessimistic locking at the database level.  If you are doing an update as part of a transaction, the database is going to lock that record until the commit (or rollback) is issued, this is the purpose of TP and Multi Statement Transactions (MST).  Hopefully your database has row level locking and then you are not going to cause cascading of locks to pages and then tables… arrgghhh.

Transaction processing is all about manual commits.  It’s a series of transactions to databases with commit points, any errors will rollback the entire transaction – not just a single statement. handy.

Note that this DOES get more difficult with JDE.  We have this awesome thing called OCM which allows us to distribute logic and data.  Different logic locations can enforce a single transaction (using native DB tech like DTP Distributed Transaction Processing – I hope), neither will different data sources (event if they point to the same database).  This is because JDE opens the database connection and sets the commitment mode to manual or automatic.  It cannot programmatically enforce these boundaries with non standard logic and data setups.  This does get pretty complex under the scenes – stay standard and you will not have a problem.

Note that you also must look out for a BSFN (that runs on the enterprise server locking a record) and then having java code (or JDBC) reading or manipulating the same data – you are going to create some problems if they are not part of the single transaction. 

Want to know all of the areas in JDE that use TP?


Some of your purists out there might be surprised by the small number of listed programs (both batch and interactive).

You might be asking yourself about dirty reads

Not magazines passed around the boarding house… NO!  different dirty reads.

I’m talking about the above scenario when you are updating and inserting records in the database as a single transaction – do you allow people to see the uncommited version of the data or the commited version? Lets be honest for OLTP, you should only see committed data.  (You can see that massively parallel databases and noSQL databases might do something else).

This introduces the concept of isolation level

  1. Level 1: READ COMMITTED
    • This is default setting in SQL Server to prevent SQL from dirty read (which reads dirty page which is (not-yet) committed data)
    • This is to read uncommitted data that is, intentionally to have dirty read



There seems to be enough tools and examples of TP and locking in the existing JD Edwards code and base code for you to be able to create some tight code, whether you are half glass full (optimistic) or half glass empty (pessimistic).  Remember that you need to manually do this locking if you are using technology like BSSV by using The startPublishedMethod, finishPublishedMethod, and close methods.  If you are using AIS, you are going to benefit from inheriting the TP functionality from forms that you are calling!  Nice.

Note that if you are manually calling BSFN’s – all at your own peril!

Friday, 15 December 2017

Quick assist on managing multiple WLS domains on a single Linux box and Server Manager

It's becoming more common to have a number of weblogic (WLS) domains on your web servers.  This is because that every component that is being released requires it's own J2EE container - and you might want a separate one for ADF and traditional web.  So, you create a couple of domains.

This is a good idea, but there are a couple of things to remember - each domain generally has an adminServer, and this can use quite a bit of memory - especially when you start creating multiple domains with multiple admin servers.

The dir structure generally looks like this:

[root@E1WEBv3 domains]# ls -l
total 20
drwxr-x---. 20 Oracle Oracle 4096 Dec 14 14:59 ADF_Apps
drwxrwxrwx. 18 Oracle root   4096 Oct 27 23:31 E1_Apps
drwxrwxrwx. 12 Oracle root   4096 Oct  7  2015 x_medrec
drwxrwxrwx. 12 Oracle root   4096 Oct  7  2015 x_medrec-spring
drwxrwxrwx. 13 Oracle root   4096 Oct  7  2015 x_wl_server
[root@E1WEBv3 domains]# pwd


You can see that I have ADF_Apps and E1_Apps in my home.  These can also be seen in server manager:

You cannot really tell from the front screen how many domains you have.  You should name things properly so it's obvious.  If you are introducing and naming a new domain, put that word into the text description!

This is a much better view and is hierarchal, we can see our domains and our admin servers and the various JDE components that we have running in each.

The main purpose of this post is to show you what you need running to be able to manage your  managed servers and managed instances.

If you click on the domain items, you'll see a table like:

Cluster Name
Managed ServerMachineListen PortRelated Managed Instances Help
{not clustered}AdminServer  (Running )SampleMachine17001None
{not clustered}myAccess  (Failed )SampleMachine19204
{not clustered}myAIS_TR  (Stopped )SampleMachine19224
  • myAIS_TR (EnterpriseOne Application Interface Services)
{not clustered}myAIS_MYDEMO  (Running )SampleMachine19223
  • myAIS_MYDEMO (EnterpriseOne Application Interface Services)
{not clustered}MYDEMO_9203  (Running )SampleMachine19303
{not clustered}myAIS_PY  (Failed )SampleMachine19221
  • myAIS_PY (EnterpriseOne Application Interface Services)
{not clustered}myAIS_DEMO  (Running )SampleMachine19222
  • myAIS_PD (EnterpriseOne Application Interface Services)
{not clustered}ADFServer  (Running )SampleMachine19266None
{not clustered}SMC_Server_EOne_ManagementConsole_Console  (Running )SampleMachine18999None
{not clustered}JPY920_9202  (Running )SampleMachine19202

None of these links will work, don't worry.  but you can see the ports for the domain's admin server

You'll also see the root install dir for WLS in /U01/Oracle/Middleware

I'm getting the following, what do I do?
  1. Server 'IOT_Server' could not be started: Start task failed: Connection refused. Could not connect to NodeManager. Check that it is running at /
    Failure during invoke:invoke(, , start) javax.management.MBeanException : Server 'IOT_Server' could not be started: Start task failed: Connection refused. Could not connect to NodeManager. Check that it is running at /

I can see that this is for the ADF_Apps domain, so let's start the nodeAgent - or at least check that it's running:

[root@E1WEBv3 ADF_Apps]# pwd


Above is the root dir.  You can check for the process running.

[Oracle@E1WEBv3 ~]$ cd /U01/Oracle/Middleware/user_projects/domains/ADF_Apps/bin
[Oracle@E1WEBv3 bin]$ pwd
[Oracle@E1WEBv3 bin]$ user
-bash: user: command not found
[Oracle@E1WEBv3 bin]$ whoami


Make sure you are logged in as the user that owns the installation, generally oracle.

[Oracle@E1WEBv3 bin]$ ./setDomainEnv.sh

Ensure that you run the above.

[Oracle@E1WEBv3 bin]$ ps -ef |grep -i "weblogic.NodeManager -v" |more
Oracle    1690  1127  0 Jul24 ?        11:01:38 /usr/java/jdk1.8.0_60/bin/java -server -Xms32m -Xmx200m -XX:MaxPermSize=128m -Dcoherence.home=/U
01/Oracle/Middleware/wlserver/../coherence -Dbea.home=/U01/Oracle/Middleware/wlserver/.. -Dweblogic.RootDirectory=/U01/Oracle/Middleware/user_pr
ojects/domains/E1_Apps -Xverify:none -Djava.endorsed.dirs=/usr/java/jdk1.8.0_60/jre/lib/endorsed:/U01/Oracle/Middleware/wlserver/../oracle_commo
n/modules/endorsed -Djava.security.policy=/U01/Oracle/Middleware/wlserver/server/lib/weblogic.policy -Dweblogic.nodemanager.JavaHome=/usr/java/j
dk1.8.0_60 weblogic.NodeManager -v
Oracle    8435  8394 19 10:57 pts/2    00:00:29 /usr/java/jdk1.8.0_60/bin/java -server -Xms32m -Xmx200m -XX:MaxPermSize=128m -Dcoherence.home=/U
01/Oracle/Middleware/wlserver/../coherence -Dbea.home=/U01/Oracle/Middleware/wlserver/.. -Doracle.security.jps.config=/U01/Oracle/Middleware/use
r_projects/domains/ADF_Apps/config/fmwconfig/jps-config-jse.xml -Dcommon.components.home=/U01/Oracle/Middleware/oracle_common -Dopss.version=12.
1.3 -Dweblogic.RootDirectory=/U01/Oracle/Middleware/user_projects/domains/ADF_Apps -Xverify:none -Djava.endorsed.dirs=/usr/java/jdk1.8.0_60/jre/
lib/endorsed:/U01/Oracle/Middleware/wlserver/../oracle_common/modules/endorsed -Djava.security.policy=/U01/Oracle/Middleware/wlserver/server/lib
/weblogic.policy -Dweblogic.nodemanager.JavaHome=/usr/java/jdk1.8.0_60 weblogic.NodeManager -v
Oracle    8484  8307  0 10:59 pts/2    00:00:00 grep --color=auto -i weblogic.NodeManager -v

[Oracle@E1WEBv3 bin]$ 

Above will show you that there are two actually running

1 for E1_apps and 1 for ADF_Apps (see in the command for RootDirectory)

[Oracle@E1WEBv3 bin]$ ps -ef |grep -i "weblogic.NodeManager -v" |more
Oracle    1690  1127  0 Jul24 ?        11:01:39 /usr/java/jdk1.8.0_60/bin/java -server -Xms32m -Xmx200m -XX:MaxPermSize=128m -Dcoherence.home=/U
01/Oracle/Middleware/wlserver/../coherence -Dbea.home=/U01/Oracle/Middleware/wlserver/.. -Dweblogic.RootDirectory=/U01/Oracle/Middleware/user_pr
ojects/domains/E1_Apps -Xverify:none -Djava.endorsed.dirs=/usr/java/jdk1.8.0_60/jre/lib/endorsed:/U01/Oracle/Middleware/wlserver/../oracle_commo
n/modules/endorsed -Djava.security.policy=/U01/Oracle/Middleware/wlserver/server/lib/weblogic.policy -Dweblogic.nodemanager.JavaHome=/usr/java/j
dk1.8.0_60 weblogic.NodeManager -v
Oracle    8435     1 11 10:57 pts/2    00:00:30 /usr/java/jdk1.8.0_60/bin/java -server -Xms32m -Xmx200m -XX:MaxPermSize=128m -Dcoherence.home=/U
01/Oracle/Middleware/wlserver/../coherence -Dbea.home=/U01/Oracle/Middleware/wlserver/.. -Doracle.security.jps.config=/U01/Oracle/Middleware/use
r_projects/domains/ADF_Apps/config/fmwconfig/jps-config-jse.xml -Dcommon.components.home=/U01/Oracle/Middleware/oracle_common -Dopss.version=12.
1.3 -Dweblogic.RootDirectory=/U01/Oracle/Middleware/user_projects/domains/ADF_Apps -Xverify:none -Djava.endorsed.dirs=/usr/java/jdk1.8.0_60/jre/
lib/endorsed:/U01/Oracle/Middleware/wlserver/../oracle_common/modules/endorsed -Djava.security.policy=/U01/Oracle/Middleware/wlserver/server/lib
/weblogic.policy -Dweblogic.nodemanager.JavaHome=/usr/java/jdk1.8.0_60 weblogic.NodeManager -v

Oracle    8510  8307  0 11:01 pts/2    00:00:00 grep --color=auto -i weblogic.NodeManager -v

Interestingly when you kill the shell that started the nodemanager with nohup, the parent process moved to root (1).  That is nice, you nodeManager does not die.

[Oracle@E1WEBv3 bin]$ nohup ./startNodeManager.sh > /tmp/startNodeManager.log 2>&1 &

Above is a proper start command.  This will write logs to /tmp/startNodeManager.log

If you do this, it's terrible:

Oracle@E1WEBv3 bin]$ ./startNodeManager.sh &
[1] 8692
[Oracle@E1WEBv3 bin]$ NODEMGR_HOME is already set to /U01/Oracle/Middleware/user_projects/domains/ADF_Apps/nodemanager


Firstly all of the output goes to your shell

I thought it was going to kill nodeManager when I logged out of the session, but it remains!

Note that the domain based startNodeManager actually calls the server/bin startNodeManager.sh script!

You can kill the nodeAgent as much as you like and it will not affect any of your J2EE servers running.

If you kill the admin servers, nothing runs either (control commands from SM), but you can just run the start commands at the commandline for the current domain to get things running.

  1. Server 'IOT_Server' could not be started: Failed to connect to WebLogic. Make sure the domain administration server is running.
    Failure during invoke:invoke(, , start) javax.management.MBeanException : Server 'IOT_Server' could not be started: Failed to connect to WebLogic. Make sure the domain administration server is running.

Note that killing the admin Server also does not affect your existing instances running under the control of the admin server.

You cannot just start the admin server as a managedServer, see errors below

[Oracle@E1WEBv3 bin]$ pwd
[Oracle@E1WEBv3 bin]$ nohup ./startManagedWebLogic.sh AdminServer  > /tmp/startAdminServer.log 2>&1 &
[1] 9268
[Oracle@E1WEBv3 bin]$ 
[Oracle@E1WEBv3 bin]$ 
[Oracle@E1WEBv3 bin]$ 
[Oracle@E1WEBv3 bin]$ ps -ef |grep AdminServer
Oracle    9268  8768  0 11:20 pts/2    00:00:00 /bin/sh ./startManagedWebLogic.sh AdminServer
Oracle    9323  9269 99 11:20 pts/2    00:00:09 /usr/java/jdk1.8.0_60/bin/java -server -Xms512m -Xmx768m -XX:PermSize=256m -XX:MaxPermSize=512m -Dweblogic.Name=AdminServer -Djava.security.policy=/U01/Oracle/Middleware/wlserver/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -Dweblogic.security.SSL.trustedCAKeyStore=/U01/Oracle/Middleware/wlserver/server/lib/cacerts -Djava.endorsed.dirs=/usr/java/jdk1.8.0_60/jre/lib/endorsed:/U01/Oracle/Middleware/wlserver/../oracle_common/modules/endorsed -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dopss.version=12.1.3 -Digf.arisidbeans.carmlloc=/U01/Oracle/Middleware/user_projects/domains/E1_Apps/config/fmwconfig/carml -Digf.arisidstack.home=/U01/Oracle/Middleware/user_projects/domains/E1_Apps/config/fmwconfig/arisidprovider -Doracle.security.jps.config=/U01/Oracle/Middleware/user_projects/domains/E1_Apps/config/fmwconfig/jps-config.xml -Doracle.deployed.app.dir=/U01/Oracle/Middleware/user_projects/domains/E1_Apps/servers/AdminServer/tmp/_WL_user -Doracle.deployed.app.ext=/- -Dweblogic.alternateTypesDirectory=/U01/Oracle/Middleware/oracle_common/modules/oracle.ossoiap_12.1.3,/U01/Oracle/Middleware/oracle_common/modules/oracle.oamprovider_12.1.3,/U01/Oracle/Middleware/oracle_common/modules/oracle.jps_12.1.3 -Dweblogic.jdbc.remoteEnabled=false -Dcommon.components.home=/U01/Oracle/Middleware/oracle_common -Djrf.version=12.1.3 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=/U01/Oracle/Middleware/user_projects/domains/E1_Apps -Doracle.server.config.dir=/U01/Oracle/Middleware/user_projects/domains/E1_Apps/config/fmwconfig/servers/AdminServer -Doracle.domain.config.dir=/U01/Oracle/Middleware/user_projects/domains/E1_Apps/config/fmwconfig -Doracle.mds.filestore.preferred= -Dadf.version=12.1.3 -da -Dwls.home=/U01/Oracle/Middleware/wlserver/server -Dweblogic.home=/U01/Oracle/Middleware/wlserver/server -Djavax.management.builder.initial=weblogic.management.jmx.mbeanserver.WLSMBeanServerBuilder -Dem.oracle.home=/U01/Oracle/Middleware/em -DINSTANCE_HOME=/U01/Oracle/Middleware/user_projects/domains/E1_Apps -Djava.awt.headless=true -Doracle.sysman.util.logging.mode=dual_mode -Dweblogic.management.server=http://E1WEBv3.mits.local:7001 -Djava.util.logging.manager=oracle.core.ojdl.logging.ODLLogManager -Dweblogic.utils.cmm.lowertier.ServiceDisabled=true weblogic.Server

Oracle    9344  8768  0 11:20 pts/2    00:00:00 grep --color=auto AdminServer

You need to actually start weblogic with startWebLogic.sh

startManagedWeblogic.sh only works when startWebLogic.sh has completed.

Note that you also want to nohup this bad boy, as it's pretty vocal.

But, now that the adminserver is running and the node manager is running, you can start things with SM.

Hopefully this gives you some skills in running commands from the command line to get your service processes up and running.