Why... Why... Why?
This blog is dedicated to documenting error resolution and other tidbits that I discover while working as a Consultant in the Oracle EPM (Hyperion) field. As much of my job revolves around issue resolution, I see an opportunity to supplement the typical troubleshooting avenues such as the Oracle Knowledgebase and Oracle Forums with more pinpointed information about specific errors as they are encountered. Beware, the information found in this blog is for informational purposes only and comes without any warranty or guarantee of accuracy.

EPMVirt: Create your own Oracle Hyperion Virtual Environment:

Wednesday, October 23, 2013

Workspace (RA) Hangs when Implementing Firewall

Recently, I was implementing RA through a firewall. I discovered that Workspace would hang during login.

Looking through the logs I noticed some stuck threads in the RAFrameworkWeb logs,
which is more than the configured time (StuckThreadMaxTime) of "600" seconds. Stack trace:Thread-204 "[STUCK] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'" <alive, in native, suspended, priority=1, DAEMON> {    java.net.PlainSocketImpl.socketConnect(PlainSocketImpl.java:???)....java.lang.Class@10a184ba[thin lock]    com.sqribe.WS.WebSQRIBE.loginToRepository(Unknown Source)
This means something is unable to connect during RA initialization. 

Checking the Windows firewall for dropped packets (after configuring logging of dropped packets)

2013-10-10 23:15:43 DROP TCP xx.xx.xx.xx xx.xx.xx.xx 5613 32631 48 S 3865585991 0 8192 - - - RECEIVE

Apparently, some higher level ports are being blocked... What is process is being blocked?
I looked further at the netstat output to see what ports were LISTENING on the node, 

Netstat -a -n -o 
  TCP               LISTENING       9256
  TCP               LISTENING       9256
  TCP               LISTENING       9256
  TCP               LISTENING       9256
  TCP               LISTENING       9256
  TCP    xx.xx.xx.xx:30298              LISTENING       9256
  TCP    xx.xx.xx.xx:30332              LISTENING       9256
  TCP    xx.xx.xx.xx:30365              LISTENING       9256
  TCP    xx.xx.xx.xx:30400              LISTENING       9256
  TCP    xx.xx.xx.xx:30437              LISTENING       9256
  TCP    xx.xx.xx.xx:30472              LISTENING       9256
  TCP    xx.xx.xx.xx:30507              LISTENING       9256
  TCP    xx.xx.xx.xx:30540              LISTENING       9256
  TCP    xx.xx.xx.xx:30575              LISTENING       9256
  TCP    xx.xx.xx.xx:30611              LISTENING       9256

  TCP    xx.xx.xx.xx:30646              LISTENING       9256

There are a ton of 30k+ ports that that RA is listening on. Obviously, these are not being allowed through the firewall. The 9256 column is the PID, but also the common 6800 , 6801 ports identify this as the RA Framework Services. What is causing these higher number ports? 

Finally, after some digging in the KB,
How to Change BI+ EPM Workspace to No Longer Use Dynamic Port Allocation for Logins to Properly Configure the Firewall to Allow Connections. (Doc ID 1483777.1)

Hyperion BI+ - Version to [Release 11.1]

How to change BI+ EPM Workspace to no longer use dynamic port allocation for logins so you can properly configure the firewall to allow connections.


 1. Login to Workspace click  Navigate -> Administer -> R&A -> Web Applications
      Right click on Reporting and Analysis Framework Web-Application -> Select Properties -> Internal
        Change Pass Data Using Streams Instead Of Files to No -> click OK

 2. Restart RaFramework Web

Also, there is a small blurb in the EPM doc about this if you look carefully,

No comments:

Post a Comment