Remove a File Lock on Windows 2008R2

Sometimes you need to remove a locked file in a windows environment, and this should do the trick:

Open Administrative Tools -> Share and Storage Management -> Actions -> Manage Open Files

Here you are able to see all locked files and folders on this server.  To clear a lock, select the relevant file and click “Close Selected”. Note that this should only be done if the user definitely is not using the the file, otherwise data loss may occur.

TraceMagic

I have not worked much with this tool, but I have done a little playing around with it, and it produces some great information.

PeopleSoft Says:  TraceMagic is a utility that gives PeopleSoft system administrators, programmers and support engineers the ability to quickly isolate performance bottlenecks in SQL Statements and/or PeopleCode functions. It accomplishes this by turning the text-based, time-ordered tracesql file into a sortable-grid display, allowing the user to quickly locate system performance issues.

Check out My Oracle Support Case:  TraceMagic: Utility for analyzing *.tracesql trace files (Doc ID 1470578.1)

 

Tuxedo Version

A quick way to ensure that you have the correct version of tuxedo running with the rolling patches in place is to running the following command:

tmadmin -v

You can also look for a file called patchlev in the udataobj directory and view it with a text editor. The last number in it shows you the patched level.

IB – Loading Gateway using SSL link fails

When configuring your PeopleSoft environment to use Integration Broker using a secure gateway, sometimes you will get a messaging telling you that the gateway connectors cannot be loaded.  If you use the http:// address it will work but as soon as you use the https:// link it fails to load.

If you check the application server logs, you will most likely find a message:

PSJNI: Java exception thrown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain

This is assuming that you have the SSL certificate installed in the keystore correctly and you are able to get to the PIA site using the https address without issue.  The root certificate associated with your SSL certificate is not in the certificates stored within PeopleSoft.  If you navigate to:  PeopleTools > Security > Security Objects > Digital Certificates, you can click on a + link and select a root ca, and then give it a description, refresh the page and then click on the import link, next you need to insert your certificate data for each root certificate.  There are several ways to get the root ca certificate, just note that you may need to insert the intermediate certificates as well.

Wildcard Certificates and PeopleSoft keystores

I love to use the wildcard certificates that you can get from providers like godaddy.  However, there is a serious problem once you create your CSR and generate your certificate and import it into your keystore.  It works great on this system, but I just said it is a wildcard certificate!  So when I go to my next system and I want to use the same certificate what am I to do, if I generate a new CSR it will revoke my other servers certificate.  I need the private key from the original certificate and I haven’t found a nice way to make that in PeopleSoft yet.

I had a client give me their wildcard certificate in a pkcs12 (pfx) format which PeopleSoft does not like at all.  However I find this great command that will take the pfx certificate and convert it into its own JKS keystore.  This works awesome, all I need to do is import the root and intermediate certificates into the keystore which are almost always available from the certificate provider and now I have a keystore that works within PeopleSoft and once I assign the keystore and assign the alias within the weblogic console, I am ready to go!

keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS

I found that I can create a keystore and a new private key / CSR using Portecle which is a great tool for working with keystores. Once I create a new CSR and use the CSR to generate a wild card certificate, I import the certificate into the keystore and import the root and intermediate certificates into the keystore and then save the keystore in JKS format, and I am good to go! Put the new keystore into the keystore folder within your PIA site ({domain}\piaconfig\keystore). Next you need to go into your weblogic console and set the PIA domain to accept the new keystore and assign the alias from the keystore for the SSL certificate.