Wednesday, June 2, 2021

EPM LDAP migration to Microsoft Azure

 Recently faced issue in one of my colleague - friend's account on weekend. Thank you Apurv for including me in this issue and resolution process. 

Something new to learn 😃

Issue: Hyperion HFM workspace was only accessible with ADMIN credentials. Business users cannot perform any action within HFM.

Cause: Host Name for ‘LDAP Active Directory’ server changed due to Migration of server to MS-Azure cloud. (Note: Domain name kept same but Volvo HFM was using Host Name to connect Active directory).

Resolution:

  1. At first, this looks very easy to update the Host Name in current LDAP Active Directory. But this failed miserably. By updating Host Name, HFM workspace became inaccessible with any credentials (including Admin credentials though they are part of Native Directory).
  2. The solution keeping in mind that ‘No credentials allowed to log into HFM workspace’.
    1. Deactivate LDAP Directory connection from backend (Through CSSConfig method).
    2. Restart the EPM Services. Server reboot is mandatory.
    3. Then accessing env with admin credentials to add new LDAP connection.
    4. Restart the EPM Services. Server reboot is mandatory.
  3. CSSConfig Method:
    1. Go to Foundation server. Access ‘C:\Oracle\Middleware\User_projects\epmsystem\bin
    2. Execute command ‘epmsys_registry.bat view shared_services_product’. This will generate a fresh CSSConfig file which is containing LDAP connection details.
    3. Open CSSConfig file in Notepad Editor and here you can Deactivate the already present LDAP directory from <Search Order> section. (Note: Do not remove NATIVE directory from file).
    4. To check if you have done the changes correctly in CSSConfig file, rename it to CSSConfig.xml and check if changes are reflecting correctly while opening XML file in browser.
    5. After editing the CSSConfig file, execute ‘epmsys_registry updatefile shared_services_product/@CSSConfig CSSConfig.xml’ to upload the properties within Shared services.
    6. IMP Notes:

                                                               i.      Perform these actions while keeping EPM service running

                                                             ii.      If you are using clustered environment, you have to make changes only on 1 Foundation server & then it will reflect in the other servers too.

                                                           iii.      Reboot of Server is mandatory after this step.

                                                           iv.      After starting the EPM services, wait for Foundation_services & RA_Framework to produce log as ‘RUNNING MODE’. This is crucial because in some cases EPM service restart does not mean complete start of Shared Services. You can check ‘sysout’ logs to reflect ‘RUNNING MODE’.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)