Beginning April 18, 2017, Oracle now considers any jar files signed with MD5 to be unsigned due to the security vulnerabilities with MD5 signatures. Starting with Java Runtime Environment (JRE) 1.8.0_131 (Java 8 Update 131), when it is used for running Oracle Forms (all versions), any jar files signed with MD5 will be blocked:

More information from Oracle on this may be found at

For any of your custom jar files, they will need to be re-signed without MD5 (MD5withRSA). It is recommended to use SHA-256 (or SHA-2).

As for the jar files which come installed with Oracle Forms (frmall.jar, frmwebutil.jar, etc.), if you are using Forms 12c ( or higher), you will have no problem running the application because the jar files are not signed with MD5. However, if you are running Oracle Forms 11gR2 or older (including, you will get this warning upon launching your application which will result in the application not launching at all. To fix this problem, you will have the following options to choose from:

  1. Upgrade to Oracle Forms 12c
  2. Apply Patch 19933795 to your Oracle Forms environment (see steps below to apply the patch).
    1. NOTE: This patch is only available for Oracle Forms versions and If you are using a version older than these, you will need to upgrade to either these versions or to 12c.
  3. Run a JRE older than 8u131 (not recommended due to increased security risks)
  4. Add your Forms site to the Exception Site List in each end user’s Java Control Panel (not recommended due to the fact that this will need to be done for every user’s PC)

If you decide to apply Patch 19933795 to your Forms environment after downloading it from My Oracle Support, you will need to run these steps:

  1. Shut down everything in your Oracle Forms environment (all WebLogic servers, Node Manager, and anything running within OPMNCTL).
  2. Extract the zip file containing the patch.
  3. Go into the extracted folder and then inside the 19933795 folder.
  4. Open up Command Prompt as an administrator and change the directory to the 19933795 folder.
  5. Set ORACLE_HOME to your Forms Oracle Home. Example: set ORACLE_HOME=C:\Oracle\Middleware\Oracle_FRHome1
  6. Append the PATH to include the OPatch folder inside %MW_HOME%\oracle_common. Example: set PATH=%PATH%;C:\Oracle\Middleware\oracle_common\OPatch
  7. Run opatch version to make sure that OPatch is working.
  8. Run opatch apply to apply the patch. Making sure that the Middleware home is the correct home for your Forms environment, type in y when it asks if the local system is ready for patching.
  9. When the patch is applied successfully, start up everything in the WebLogic environment.

After running the steps above, Oracle Forms should run normally.

NOTE: If you are using PITSS.CON for Forms 12c, although none of the PITSS.CON jar files will be blocked (they are not signed with MD5), the bundled frmwebutil.jar will still be using the MD5-signed jar file. Please contact PITSS Support at, and PITSS can provide you an updated jar file which is not signed with MD5 as a part of your maintenance agreement.

PITSS.CON’s module, Source Code Analytics, is a powerful tool which is able to fully analyze your application and provide information such as how many lines of code are in your application. In PITSS.CON version 16.2.2, there is a known bug where no results will appear when running the Source Code overview in Source Code Analytics against a pool. However, if you do not run this against a pool, the results will appear normally.

Fortunately, this will be fixed in the next release. In the meantime, a patch is available to fix the bug. Contact PITSS Support,, to obtain the patch. Once you receive the patch, you will need to run it (it is a .wrp file which is run similarly to a SQL script) with the MIG user. The script will create a package body in the MIG user which will fix the problem. NOTE: You must be licensed with the Source Code Analytics module in PITSS.CON in order to receive the patch.

Once the patch is applied, you will be able to see the results against a pool.

NOTE: This bug has only been reported with version 16.2.2. It has not been reported with older versions of PITSS.CON.

Starting with Oracle Forms 12c, it is required to install RCU schemas into an Oracle Database. Without the RCU schemas, it will not be possible to start up the WebLogic servers. It is advised to have the RCU schemas configured to have the passwords to not expire, but if this is not possible due to security restrictions, you will need to remember to reset the password to what was configured when the schemas were installed. The RCU schemas are (the <PREFIX> is the prefix specified during the installation which goes in front of the schemas):


In the event that the above five schemas especially <PREFIX>_OPSS expires, if the Admin Server is started up, it will fail to start due to the error, “ORA-28001: password has expired”. If you reset the password for the five schemas to what was configured previously, the WebLogic server will start up normally.

However, if you either are required to change the password to something different or if you cannot remember the password which was used, you will need to follow these steps to change the RCU password and have the WebLogic domain recognize the new password:

  1. Set the new password for the RCU schemas mentioned above. Make sure the accounts are also unlocked. If the accounts are locked for any reason, you may need to contact a DBA to unlock the users.
    1. Example: alter user FORMS_OPSS identified by <new_password>;
  2. When the five schemas’ passwords are updated, you must run a commit to apply the changes: commit;
  3. The Admin Server will need to be started up. However, we will need to start it up in a different way to avoid it from crashing upon startup. Go to $ORACLE_HOME/oracle_common/common/bin and run (or wlst.cmd in Windows)
  4. In WLST, run the following (you must use forward slashes ‘/’ even for Windows): modifyBootStrapCredential(jpsConfigFile=’/u01/oracle/middleware/user_projects/domains/FormsDomain/config/fmwconfig/jps-config.xml’,username='<PREFIX>_OPSS’,password='<NEW_PASSWORD>’)
    1. NOTE: Your path to jps-config.xml within $DOMAIN_HOME/config/fmwconfig may be different than the example above. Please specify the full path without using environment variables.
  5. Exit WLST: exit()
  6. Start the Admin Server. Although you will still encounter errors regarding the data source, the Admin Server will start up.
  7. Log into the Admin Console.
  8. In the top-left corner of the Admin Console, click “Lock & Edit“.
  9. In the Domain Structure in the left frame of the Admin Console, go to Services –> Data Sources.
  10. Click on the first of four (assuming you have not configured additional data sources beyond the four which come with Forms 12c) data sources.
  11. Go to the Configuration tab and then the Connection Pool subtab.
  12. Type in the new schema password in the Password and Confirm Password fields.
  13. Click Save.
  14. Repeat steps 9-13 for the remaining three data sources.
  15. In the top-left corner of the Admin Console, click “Activate Changes“.
  16. In the top-left corner of the Admin Console, click “View changes and restarts“.
  17. Click the Restart Checklist tab.
  18. Place check marks next to all four data sources, and click “Restart“.
  19. On the confirmation page, click “Yes“.
  20. The data sources will restart. They should be functional again in a few seconds.

After completing the steps above, you should be able to start up the remaining WebLogic servers as well as restart the Admin Server without encountering the errors again.

Source: Oracle Support Document ID 1682942.1

As of March 7, 2017, Mozilla has released the newest release of Firefox, version 52. Similar to what Google Chrome did about a year or so ago, Mozilla has now disabled the NPAPI plug-in which is required to run anything with Java such as Oracle Forms without using Java Web Start. What will happen is if Firefox is updated to version 52 and you try to access Forms, you will see a blank screen which will result in the Forms application to not start at all.

Fortunately, Mozilla has realized that businesses still need to use services such as Java during this transition, so Mozilla has released the Firefox “Extended Support Release” for version 52. This is a version of Firefox which is used by companies and organizations which need support for running Java with the NPAPI plug-in especially for mass deployments. The current ESR version of 52 will continue to allow the use of the NPAPI plug-in for Java through May 2018. The download link (to download the 32-bit Firefox 52 ESR for Windows 32 and 64-bit machines) may be found here:

After this is installed on your PC, you will be able to run Forms using Firefox again without the need of Java Web Start. This is important for anyone who is still running Forms 11gR2 (or older) which has no support for Java Web Start. However, if you are running Forms 12c, you may use Java Web Start which allows you to run Java (required for running Oracle Forms) without the NPAPI plug-in. Java Web Start allows you to run Oracle Forms 12c from any web browser (Internet Explorer, Firefox, Chrome, Edge, etc.). If you decide to use Java Web Start, the Firefox ESR is not necessary.

Sources: and


There is a known issue in PITSS.CON where reinstalling Source Control (also referred to as Version Control) causes Source Control to no longer appear as an option within PITSS.CON. This has been seen after you have upgraded from an older release to either 16.1 or 16.2.1. Users who upgrade from 15.4.2 or older to 16.2.2 (or users who are using 15.4.2 or older) will not experience the problem. This is only encountered after an upgrade and Source Control is reinstalled (not upgraded). Fixing the problem will require several steps to restore Source Control functionality in PITSS.CON.

  1. Upgrade your PITSS.CON (all users) to version 16.2.2. Do not worry about the Version Control user as we will reinstall it again.
  2. Once all users are upgraded to PITSS.CON 16.2.2, install Version Control again.
  3. In the PITSS.CON 16.2.2 installer, go into the “script_install” folder and locate the script, user_grants.sql. Create a copy of the script and open it in Notepad.
    1. VC_3
  4. In the copied file, replace “&NEW_USER” with your Version Control user (e.g. “VC”). Save and close the file.
    1. VC_4
  5. Open up Command Prompt, and navigate to the folder with the updated script.
    1. VC_5
  6. Launch SQLPLUS with the MIG user and run the script.
    1. VC_6
  7. Log out of SQLPLUS and navigate to the “script_vc” folder located inside the “version_control” folder in the PITSS.CON setup folder.
    1. VC_7
  8. Log into SQLPLUS with the Version Control user and run the script “pitsscon.sql”.
    1. VC_8
  9. When asked to type in the setup folder path, type in the directory where Version Control was installed and press “Enter” (e.g. C:\pitsscon\vc).
    1. VC_9
  10. If you see the error, “ORA-02291: integrity constraint (MIG.SELF_REF) violated – parent key not found”, run the following SQL commands with the Version Control use
    1. INSERT INTO “MIG”.”PITSS_CON” (ID_TOOL, NAME_TOOL, DESC_TOOL, TYPE_TOOL, COLOR) VALUES (’80’, ‘Source Control’, ‘Application and Development Process Management’, ‘FOLDER’, ‘r56g120b184’);
    2. INSERT INTO “MIG”.”PITSS_CON” (ID_TOOL, NAME_TOOL, DESC_TOOL, TYPE_TOOL, PARENT_ID, FORM_ASOC, ICON) VALUES (‘8010’, ‘Source Control’, ‘Secure, version and track changes to application files and Oracle DB objects.’, ‘TOOL’, ’80’, ‘vers_control’, ‘vc_add_files_wb’);
    3. commit;
    4. VC_10
  11. In the PITSS.CON database, query the MIG_PITSSCON_USERS table, and look up (and write down) the USER_ID attributes of all installed PITSS.CON users except for MIG.
    1. VC_11
  12. Return to your SQLPLUS session (as the Version Control user) and run the following command for each PITSS.CON user other than MIG. The <USER_ID> attribute should be the value of the attribute for the PITSS.CON user you are updating.
    2. VC_12
  13. Commit all changes: commit;
    1. VC_13

After making the above changes, the Source Control button should be available again in PITSS.CON.


NOTE: For Forms 12c, when you enter Source Control, and you notice that you are unable to log into your Source Control user other than Administrator, there might have been a corruption when upgrading previously to 16.1 or 16.2.1. A full reinstall of PITSS.CON including the MIG user may be required. Please contact PITSS Support at for instructions on how to reinstall MIG and preserve your PITSS.CON license. This particular issue has currently not been seen when upgrading from PITSS.CON 15.4.2 or older to 16.2.2.

In Forms 12c, there has been a random occurrence where trying to access Forms (or even a non-Forms resource) with OAM using a webgate that the following error will be presented:

“Internal Server Error”

If this occurs even after clearing the Web browser cache, you will need to perform the following steps to fix the problem:

  1. Go to $DOMAIN_HOME/servers/ohs1/cache
  2. Back up everything in the folder and move the backup elsewhere
  3. Delete everything in the cache folder

After applying the steps above, the error should disappear.

For Oracle Forms 11gR2 and 12c protected by OAM using WebGate, there are known reports where users may encounter errors after being logged into the application for 60 minutes:

FRM-92091: Unexpected fatal error in client-side Java code


FRM-92102: A network error or server failure has occurred

The reason for these errors is because the “Token Validity Period” is being reached. This is a setting configured in the webgate agent. By default, this parameter is set to 60 minutes or 1 hour. This means that regardless if the end user has been using Forms for a full hour or if the user has left his or her Forms session idle for an hour, a timeout will occur. To solve this problem, the Token Validity Period setting in the webgate agent will need to be increased to a value (in minutes) where end users will not encounter these errors (i.e. 480 minutes (8 hours) or 540 minutes (9 hours)). You will need to determine the amount of time before this timeout occurs.

NOTE: When you update the Token Validity Period for the webgate, you will need to redeploy the WebGate files generated in the $OAM_DOMAIN_HOME/output/<WebGateAgentName> directory into the OHS home’s webgate/conf folder as well as restart OHS.

After making the change above, the errors should no longer occur once 60 minutes has passed.

Source: Oracle Support Document ID 2178936.1

There is a known bug in Oracle Forms 12c that the DATETIME item in Forms is set to a different time than what is configured in the Windows or UNIX server. Oracle Support has reported this issue in AIX, but it has been seen in both Windows and Linux as well. The easiest way to work around this bug is to configure the following environment variable to GMT in your env file (e.g. default.env):


NOTE: Normally when you do not set this variable, the system defaults to GMT, but this is necessary in 12c.

This should correct the time issues, but if for any reason any datetime fields are out of sync still, you may also need to set the following variable to GMT:


Source: Oracle Support document ID 2139346.1

Oracle HTTP Server (OHS) can be used to redirect users to a new site when a particular URL is specified. This is useful if you would like to have users go to a new domain or website if they still would like to access an old URL. A RewriteRule can be written in httpd.conf (for HTTP) and/or ssl.conf (for HTTPS) to perform this. This can be implemented in both 11g and 12c. The following steps are written for 12c, but they can also be used for 11g to redirect traffic from the starting OHS page (http://server.domain:<ohs_port>) to another page:

  1. Log into EM Fusion Middleware Control.
  2. Go to the Target Navigation (you may have to click the button in 12c to access the menu), expand HTTP Server, right-click on ohs1, go to Administration –> Advanced Configuration.
    1. Target Navigation
  3. If you are using 12c, click the lock button in the top-right corner, and select “Lock & Edit”. If you are using 11g, you may skip to step 4.
    1. Lock and Edit
  4. Select “httpd.conf” in the drop-down menu and click “Go”.
  5. Scroll to the very bottom of the file. Add the following three lines:
    1. RewriteEngine On
      RewriteCond %{REQUEST_URI} ^/$
      RewriteRule ^(.*)$ http://<server>.<domain>:<OHS_PORT>/newhtml.html [R,L]
    2. NOTE: You may also redirect to a new domain such as <newserver>.<newdomain> using the same rewrite rule parameter.
    3. RewriteEngine
  6. Click “Apply” to save all changes.
  7. If you would like to also perform a redirect when using HTTPS, you may apply the same changes for ssl.conf. If you do not need to do this, please skip to step 9. However, when adding these three lines in ssl.conf, it should be before the closing </ifModule> tag and the rewrite rule should use HTTPS. You may use the screenshot below as an example.
    1. RewriteEngine SSL
  8. Click “Apply” to save all changes.
  9. (Skip to Step 10 if you are using 11g). In the top-right corner, click the lock button and select “Activate Changes”.
  10. Restart OHS.

After applying the steps above, when the index.html page is accessed of your OHS server using http(s)://<server>.<domain>:<OHS_PORT>, the URL will be immediately redirected to the page you specified in the RewriteRule.

By default, if you were to access the showjobs page of your Oracle Reports 11g or 12c environment, any user is able to view the page and open up the reports even if they contain confidential information. There is a way you can configure the showjobs to where only specific users can access this page or any of the Reports admin pages (steps written for 12c but they will also work for 11g):

  1. Open up (make a backup first) located in $DOMAIN_HOME/config/fmwconfig/servers/WLS_REPORTS/applications/reports_12.2.1/configuration.
  2. Locate the line <webcommandaccess>L2</webcommandaccess>. Change L2 to L1.
    1. L1 will only permit end users to use the non-admin rwservlet commands GETJOBID, KILLJOBID, SHOWAUTH, and SHOWJOBID.
  3. Save and close the file.
  4. Open up rwserver.conf (make a backup first) located in $DOMAIN_HOME/config/fmwconfig/components/ReportsServerComponent/$rptsvr.
  5. Near the bottom of the file, look for the line <queue maxQueueSize=”1000”/>. Immediately after this line, add the following line:
    1. <identifier encrypted=”no”>username/password</identifier>
    2. NOTE: After you restart WLS_REPORTS and rep_server1, the credentials will be encrypted. Also, you may create any username/password combination you like. It does not need to be what is configured in weblogic or in the database.
    3. rwserver.conf update
  1. Save and close the file.
  2. Restart both WLS_REPORTS and the standalone reports server.
  3. Try to access showjobs normally. You should be presented with the following error:
    1. REP-52262: Diagnostic output is disabled
    2. REP-52262
  1. Now, add “?authId=username/password” to the end of the URL. Notice how the showjobs page appears.
    1. showjobs working
  1. If you were to reopen rwserver.conf, notice how the credentials are encrypted:
    1. rwserver.conf encrypted

Source: Oracle Support document 1242614.1 (Steps in the Oracle Support document are written for 11g)