Monday 26 November 2012

OBIEE xmlpserver URL Login Issue

Issue with URL http://121.10.19.56:9704/xmlpserver
Unable to log in to BI Publisher as the Administrator user; the following error is returned:
oracle.apps.xdo.security.ValidateException



●● Change the Following file:
/obieeapp/oracle/OBIEE2/OracleBI/xmlp/XMLP/Admin/Configuration/xmlp-server-config.xml


Change No#1:
Old:
<property name="SECURITY_MODEL" value="BI_SERVER"/>
New:
<property name="SECURITY_MODEL" value="XDO"/>

Change No#2:
Old:
<property name="BI_SERVER_SECURITY_URL" value="jdbc:oraclebi://mkkobieesrv1:9703/"/>
New:
<property name="BI_SERVER_SECURITY_URL" value="jdbc:oraclebi://121.10.19.56:9703/"/>


These are the relevant files to look into; in our case we changed only xmlp-server-config.xml:
$ORACLE_HOME\oc4j_bi\j2ee\home\applications\xmlpserver\xmlpserver\WEB-INF\xmlp-server-config.xml
$ORACLE_HOME\xmlp\XMLP\Admin\Configuration\xmlp-server-config.xml
$ORACLE_HOME\xmlp\XMLP\Admin\Security\principals.xml


●● Shutdown all BI Related Services.
●● Assuming your OBI admin user is 'Administrator' and its password is 'Administrator', run the cryptotools utility to add the 'bipublisheradmin' user alias:
cd <OracleBI>/setup
. ./sa-init.sh      # use this when you are running OBIEE 32-bit
. ./sa-init64.sh    # use this when you are running OBIEE 64-bit
<OracleBI>/web/bin/cryptotools credstore -add -inFile <OracleBIData>/web/config/credentialstore.xml -alias bipublisheradmin -username Administrator -password Administrator -passphrase admin

/obieeapp/oracle/OBIEE2/OracleBI/web/bin/cryptotools credstore -add -inFile /obieeapp/oracle/OBIEE2/OracleBIData/web/config/credentialstore.xml -alias bipublisheradmin -username Administrator -password Administrator -passphrase admin
●● Start all BI Related Services.

Sunday 11 November 2012

If SSO Integration in Place you cannot change the password from System Administrator, User Management, FND_USER_PKG


ORA-20001: APP-FND-02602: Unabled to change password for user [username] for this following reason:
This password is not managed by Oracle Applications so it can not be changed here..
ORA-06512: "APPS.APP_EXCEPTION", at line 72
ORA-06512: "APPS.FND_USER_PKG", at line 322
ORA-06512: "APPS.FND_USER_PKG", at line 1147
ORA-06512: at line 1

This error occurs if you have an SSO-enabled E-Business Suite (EBS) and are trying to use the OIM E-Business Suite User Management connector to manage passwords in EBS. If you SSO-enable an EBS user, their password is no longer stored in EBS; it is stored in OID / SSO instead. As a result, EBS refuses to allow OIM to update the password.

You cannot use the OIM E-Business Suite User Management connector to manage passwords for SSO-enabled EBS users. You need to choose one of the following:
1. Do not use the Update Password feature of the OIM EBS User Management connector, or
2. Do not SSO-enable E-Business Suite.

Change the %Application%SSO% Profile Options:
Application SSO LDAP Synchronization
Application SSO Login Types

Assign Responsibility From Backend


Find the RESPONSIBILITY_ID from RESPONSIBILITY_NAME:

select RESPONSIBILITY_ID,RESPONSIBILITY_NAME from FND_RESPONSIBILITY_VL where RESPONSIBILITY_NAME like 'Service%Contra%AMERICAS%CORE';

Verify whether the user already has the responsibility assigned:

select USER_NAME,USER_ID from fnd_user where USER_NAME = 'MKHAWAS';
select USER_ID,RESPONSIBILITY_ID from FND_USER_RESP_GROUPS_DIRECT where USER_ID=29273 and RESPONSIBILITY_ID=53545;

Assign the Responsibility Using the Following SQL:

DECLARE
  -- User who receives the responsibility (SQL*Plus substitution variable)
  v_user_name  VARCHAR2(30) := '&Enter_User_Name';
  v_resp_appl  VARCHAR2(100);
  v_resp_key   VARCHAR2(100);
  v_appl_id    NUMBER;
BEGIN
  -- Look up the owning application and the key of the responsibility
  select APPLICATION_ID, RESPONSIBILITY_KEY
    into v_appl_id, v_resp_key
    from FND_RESPONSIBILITY_VL
   where RESPONSIBILITY_ID = TO_NUMBER('&Enter_Resp_Id');

  -- Translate the application id into its short name, as addresp expects
  select APPLICATION_SHORT_NAME
    into v_resp_appl
    from FND_APPLICATION_VL
   where APPLICATION_ID = v_appl_id;

  fnd_user_pkg.addresp(username       => v_user_name
                      ,resp_app       => v_resp_appl
                      ,resp_key       => v_resp_key
                      ,security_group => 'STANDARD'
                      ,description    => 'Auto Assignment'
                      ,start_date     => SYSDATE
                      ,end_date       => SYSDATE + 1000);

  -- Commit inside the block; a COMMIT placed between END; and / is a syntax error
  COMMIT;
END;
/

How to Interpret the ACCOUNT_STATUS Column in DBA_USERS


The DBA_USERS.ACCOUNT_STATUS can have the following values :

select * from user_astatus_map;

STATUS#  STATUS
      0  OPEN
      1  EXPIRED
      2  EXPIRED(GRACE)
      4  LOCKED(TIMED)
      8  LOCKED
      5  EXPIRED & LOCKED(TIMED)
      6  EXPIRED(GRACE) & LOCKED(TIMED)
      9  EXPIRED & LOCKED
     10  EXPIRED(GRACE) & LOCKED

These values are directly related to two features: 'Account Locking' and 'Password Aging and Expiration'.




Account Locking - LOCKED/LOCKED(TIMED)

An account can be locked by a DBA or is locked automatically after a number of failed login attempts. 
When a PASSWORD_LOCK_TIME is defined, the account unlocks automatically after the set time: this is indicated by LOCKED(TIMED). The LOCKED(TIMED) value is what you always see if the account was locked due to the number of failed logins > FAILED_LOGIN_ATTEMPTS.

You only see LOCKED if the account is explicitly locked during create or alter user/role.

You may expect that when the account is automatically locked and PASSWORD_LOCK_TIME is set to unlimited, the account would appear as just LOCKED. This is however not the case: it still shows as LOCKED(TIMED). However the account never unlocks automatically because of the unlimited PASSWORD_LOCK_TIME (infinity).

To add to the confusion, at some point it was decided that even if the account is locked automatically, it should not be set to LOCKED(TIMED) when PASSWORD_LOCK_TIME is unlimited, since in that case the account would never unlock automatically. This gives up a crucial piece of information, namely whether the account was locked manually or automatically. The change was introduced in 11.2.0.1. However, it caused a regression (Bug 9693615) in which lock_date is NULL in dba_users when the account was locked automatically. The fix for this bug backed the change out again, so with the fix applied automatically locked accounts show LOCKED(TIMED) once more.

So when the ACCOUNT_STATUS is LOCKED(TIMED), a DBA knows that the lock was the result of failed login attempts, even if the lock will not expire. In 11.2.0.1 (without the fix for Bug 9693615) you can tell that an account was locked automatically if its lock_date in dba_users is null.




Password Expiration - EXPIRED/EXPIRED(GRACE)

A password can be set to expire, with or without a grace period:
●● When a password expires and no grace is defined, the status is set to EXPIRED, meaning that the user is prompted for a new password upon the next login attempt.
●● When a grace is defined, during the grace period, a warning is issued, and the ACCOUNT_STATUS is set to EXPIRED(GRACE).




Password Expiration and Account Locking are two separate features. Account locking (based on failed login attempts) and expiration (based on not changing the password) are basically unrelated:

●● An account cannot be locked by exceeding the expire or subsequent grace time.
●● An account that is neither expired nor locked appears as OPEN (STATUS# 0).

In addition to the EXPIRED (1,2) and LOCKED (4,8) bits being set, you can have combinations of both with STATUS# 5,6,9 and 10: internally the STATUS# are added for the combinations of expired and locked.
For example : 'EXPIRED' + 'LOCKED' = 1 + 8 = 9 = 'EXPIRED & LOCKED'
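
The bit arithmetic above can be applied directly when reviewing locked accounts. The following query is an added example, not part of the original note: it splits STATUS# into its expired and locked parts with BITAND, reports whether each lock came from failed logins or from an explicit lock, and resolves the profile limits to show whether the lock will ever release on its own. It assumes SELECT access to SYS.USER$, DBA_USERS and DBA_PROFILES; the output column aliases are chosen for this example.

```sql
-- Added example: decode STATUS# (SYS.USER$.ASTATUS) for every locked account.
-- Bits: 1 = EXPIRED, 2 = EXPIRED(GRACE), 4 = LOCKED(TIMED), 8 = LOCKED.
WITH resolved AS (
  -- A profile limit of 'DEFAULT' means "inherit from the DEFAULT profile".
  SELECT p.profile,
         p.resource_name,
         CASE WHEN p.limit = 'DEFAULT' THEN d.limit ELSE p.limit END AS limit
    FROM dba_profiles p
    JOIN dba_profiles d
      ON d.profile = 'DEFAULT'
     AND d.resource_name = p.resource_name
   WHERE p.resource_name IN ('FAILED_LOGIN_ATTEMPTS', 'PASSWORD_LOCK_TIME')
),
prof AS (
  -- One row per profile with both limits side by side.
  SELECT profile,
         MAX(CASE WHEN resource_name = 'FAILED_LOGIN_ATTEMPTS'
                  THEN limit END) AS failed_login_attempts,
         MAX(CASE WHEN resource_name = 'PASSWORD_LOCK_TIME'
                  THEN limit END) AS password_lock_time
    FROM resolved
   GROUP BY profile
)
SELECT du.username,
       u.astatus                AS status_no,
       du.account_status,
       CASE WHEN BITAND(u.astatus, 1) = 1 THEN 'EXPIRED'
            WHEN BITAND(u.astatus, 2) = 2 THEN 'EXPIRED(GRACE)'
            ELSE 'not expired'
       END                      AS expiry_part,
       CASE WHEN BITAND(u.astatus, 4) = 4
              THEN 'automatic (failed logins)'
            -- 11.2.0.1 without the fix for Bug 9693615: automatic locks
            -- show as LOCKED with a NULL lock_date (see the text above).
            WHEN BITAND(u.astatus, 8) = 8 AND du.lock_date IS NULL
              THEN 'automatic (LOCKED with NULL lock_date)'
            ELSE 'explicit ACCOUNT LOCK'
       END                      AS lock_cause,
       u.lcount                 AS failed_logins,
       pr.failed_login_attempts,
       pr.password_lock_time,
       du.lock_date,
       CASE
         WHEN BITAND(u.astatus, 4) = 0 THEN NULL
         WHEN pr.password_lock_time = 'UNLIMITED'
           THEN 'never (must be unlocked by a DBA)'
         WHEN du.lock_date IS NULL
           THEN 'unknown (lock_date is NULL)'
         ELSE TO_CHAR(du.lock_date + TO_NUMBER(pr.password_lock_time),
                      'YYYY-MM-DD HH24:MI:SS')
       END                      AS auto_unlock_at
  FROM sys.user$ u
  JOIN dba_users du ON du.username = u.name
  JOIN prof pr      ON pr.profile  = du.profile
 WHERE u.type# = 1                      -- users only, not roles
   AND BITAND(u.astatus, 12) <> 0       -- LOCKED(TIMED) or LOCKED bit set
 ORDER BY du.lock_date DESC NULLS LAST, du.username;
```

Several accounts showing an automatic lock with recent lock_date values is worth correlating with the audit trail for failed logins.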

Issue with Debugging using PL/SQL Developer


ORA-0131: Insufficient privileges
Note: Debugging requires the DEBUG CONNECT SESSION system privilege

grant DEBUG CONNECT SESSION to XXXXXXX;
grant DEBUG ANY PROCEDURE to XXXXXX;

Database Sizing Related Parameters, Ready Reference for 1000+ Users

This is the parameter sizing I have used for 3 production instances for 3 different clients. It is working well; I am just putting it here for easy reference:


*.sga_target = 14G
*.shared_pool_size = 3G
*.shared_pool_reserved_size = 300M
*.streams_pool_size = 150M
*.java_pool_size = 1G
*.pga_aggregate_target = 20G
*.result_cache_max_size = 150M
*.db_cache_size = 2G
*.large_pool_size=300M
*.db_keep_cache_size = 500M
*.db_writer_processes = 3
*.processes = 2500
*.sessions = 5000
*.open_cursors = 1500

After 11gR2 Grid Infrastructure Cluster Installation, run Cluster Verification Utility to Verify Everything is Up and Running




[oraprod@mkkprodracdb1 grid]$ ./runcluvfy.sh stage -post crsinst -n mkkprodracdb1,mkkprodracdb2

Performing post-checks for cluster services setup

Checking node reachability...
Node reachability check passed from node "mkkprodracdb1"


Checking user equivalence...
User equivalence check passed for user "oraprod"
Checking time zone consistency...
Time zone consistency check passed.


Checking Cluster manager integrity...

Checking CSS daemon...
Oracle Cluster Synchronization Services appear to be online.

Cluster manager integrity check passed


UDev attributes check for OCR locations started...
UDev attributes check passed for OCR locations


UDev attributes check for Voting Disk locations started...
UDev attributes check passed for Voting Disk locations

Default user file creation mask check passed

Checking cluster integrity...


Cluster integrity check passed


Checking OCR integrity...

Checking the absence of a non-clustered configuration...
All nodes free of non-clustered, local-only configurations


ASM Running check passed. ASM is running on all cluster nodes

Checking OCR config file "/etc/oracle/ocr.loc"...

OCR config file "/etc/oracle/ocr.loc" check successful


Disk group for ocr location "+PRODOCR1" available on all the nodes


Checking size of the OCR location "+PRODOCR1" ...

Size check for OCR location "+PRODOCR1" successful...
Size check for OCR location "+PRODOCR1" successful...

WARNING:
This check does not verify the integrity of the OCR contents. Execute 'ocrcheck' as a privileged user to verify the contents of OCR.

OCR integrity check passed

Checking CRS integrity...

CRS integrity check passed

Checking node application existence...

Checking existence of VIP node application (required)
Check failed.
Check failed on nodes:
        mkkprodracdb2

Checking existence of ONS node application (optional)
Check passed.

Checking existence of GSD node application (optional)
Check ignored.

Checking existence of EONS node application (optional)
Check passed.

Checking existence of NETWORK node application (optional)
Check passed.


Checking Single Client Access Name (SCAN)...

Checking name resolution setup for "mkkprodscan.mkkdomain.intranet"...

Verification of SCAN VIP and Listener setup passed
OCR detected on ASM. Running ACFS Integrity checks...

Starting check to see if ASM is running on all cluster nodes...

ASM Running check passed. ASM is running on all cluster nodes

Starting Disk Groups check to see if at least one Disk Group configured...
Disk Group Check passed. At least one Disk Group configured

Task ACFS Integrity check passed

Checking Oracle Cluster Voting Disk configuration...

Oracle Cluster Voting Disk configuration check passed

User "oraprod" is not part of "root" group. Check passed

Checking if Clusterware is installed on all nodes...
Check of Clusterware install passed

Checking if CTSS Resource is running on all nodes...
CTSS resource check passed


Querying CTSS for time offset on all nodes...
Query of CTSS for time offset passed

Check CTSS state started...
CTSS is in Observer state. Switching over to clock synchronization checks using NTP


Starting Clock synchronization checks using Network Time Protocol(NTP)...

NTP Configuration file check started...
NTP Configuration file check passed

Checking daemon liveness...
Liveness check passed for "ntpd"

NTP daemon slewing option check passed

NTP daemon's boot time configuration check for slewing option passed

NTP common Time Server Check started...
PRVF-5408 : NTP Time Server "192.5.41.41" is common only to the following nodes "mkkprodracdb1"
PRVF-5408 : NTP Time Server "193.204.114.232" is common only to the following nodes "mkkprodracdb1"
PRVF-5408 : NTP Time Server "69.36.224.15" is common only to the following nodes "mkkprodracdb1"
Check of common NTP Time Server passed

Clock time offset check from NTP Time Server started...
Clock time offset check passed

Clock synchronization check using Network Time Protocol(NTP) passed


Oracle Cluster Time Synchronization Services check passed

Post-check for cluster services setup was unsuccessful.
Checks did not pass for the following node(s):
        mkkprodracdb2
[oraprod@mkkprodracdb1 grid]$

[oraprod@mkkprodracdb1 grid]$ ./runcluvfy.sh stage -post crsinst -n all -verbose

Performing post-checks for cluster services setup

Checking node reachability...

Check: Node reachability from node "mkkprodracdb1"
  Destination Node                      Reachable?
  ------------------------------------  ------------------------
  mkkprodracdb2                           yes
  mkkprodracdb1                           yes
Result: Node reachability check passed from node "mkkprodracdb1"


Checking user equivalence...

Check: User equivalence for user "oraprod"
  Node Name                             Comment
  ------------------------------------  ------------------------
  mkkprodracdb2                           passed
  mkkprodracdb1                           passed
Result: User equivalence check passed for user "oraprod"
Checking time zone consistency...
Time zone consistency check passed.


Checking Cluster manager integrity...

Checking CSS daemon...

  Node Name                             Status
  ------------------------------------  ------------------------
  mkkprodracdb2                           running
  mkkprodracdb1                           running

Oracle Cluster Synchronization Services appear to be online.

Cluster manager integrity check passed


UDev attributes check for OCR locations started...
Result: UDev attributes check passed for OCR locations


UDev attributes check for Voting Disk locations started...
Result: UDev attributes check passed for Voting Disk locations


Check default user file creation mask
  Node Name     Available                 Required                  Comment
  ------------  ------------------------  ------------------------  ----------
  mkkprodracdb2   0022                      0022                      passed
  mkkprodracdb1   0022                      0022                      passed
Result: Default user file creation mask check passed

Checking cluster integrity...

  Node Name
  ------------------------------------
  mkkprodracdb1
  mkkprodracdb2

Cluster integrity check passed


Checking OCR integrity...

Checking the absence of a non-clustered configuration...
All nodes free of non-clustered, local-only configurations


ASM Running check passed. ASM is running on all cluster nodes

Checking OCR config file "/etc/oracle/ocr.loc"...

OCR config file "/etc/oracle/ocr.loc" check successful


Disk group for ocr location "+PRODOCR1" available on all the nodes


Checking size of the OCR location "+PRODOCR1" ...

Size check for OCR location "+PRODOCR1" successful...
Size check for OCR location "+PRODOCR1" successful...

WARNING:
This check does not verify the integrity of the OCR contents. Execute 'ocrcheck' as a privileged user to verify the contents of OCR.

OCR integrity check passed

Checking CRS integrity...
The Oracle clusterware is healthy on node "mkkprodracdb2"
The Oracle clusterware is healthy on node "mkkprodracdb1"

CRS integrity check passed

Checking node application existence...

Checking existence of VIP node application
  Node Name     Required                  Status                    Comment
  ------------  ------------------------  ------------------------  ----------
  mkkprodracdb2   yes                       unknown                   failed
  mkkprodracdb1   yes                       online                    passed
Result: Check failed.

Checking existence of ONS node application
  Node Name     Required                  Status                    Comment
  ------------  ------------------------  ------------------------  ----------
  mkkprodracdb2   no                        online                    passed
  mkkprodracdb1   no                        online                    passed
Result: Check passed.

Checking existence of GSD node application
  Node Name     Required                  Status                    Comment
  ------------  ------------------------  ------------------------  ----------
  mkkprodracdb2   no                        does not exist            ignored
  mkkprodracdb1   no                        does not exist            ignored
Result: Check ignored.

Checking existence of EONS node application
  Node Name     Required                  Status                    Comment
  ------------  ------------------------  ------------------------  ----------
  mkkprodracdb2   no                        online                    passed
  mkkprodracdb1   no                        online                    passed
Result: Check passed.

Checking existence of NETWORK node application
  Node Name     Required                  Status                    Comment
  ------------  ------------------------  ------------------------  ----------
  mkkprodracdb2   no                        online                    passed
  mkkprodracdb1   no                        online                    passed
Result: Check passed.


Checking Single Client Access Name (SCAN)...
  SCAN VIP name     Node          Running?      ListenerName  Port          Running?
  ----------------  ------------  ------------  ------------  ------------  ------------
  mkkprodscan.mkkdomain.intranet  mkkprodracdb1   true          LISTENER      1581          true

Checking name resolution setup for "mkkprodscan.mkkdomain.intranet"...
  SCAN Name     IP Address                Status                    Comment
  ------------  ------------------------  ------------------------  ----------
  mkkprodscan.mkkdomain.intranet  192.19.1.130              passed
  mkkprodscan.mkkdomain.intranet  192.19.1.129              passed
  mkkprodscan.mkkdomain.intranet  192.19.1.128              passed

Verification of SCAN VIP and Listener setup passed
OCR detected on ASM. Running ACFS Integrity checks...

Starting check to see if ASM is running on all cluster nodes...

ASM Running check passed. ASM is running on all cluster nodes

Starting Disk Groups check to see if at least one Disk Group configured...
Disk Group Check passed. At least one Disk Group configured

Task ACFS Integrity check passed

Checking Oracle Cluster Voting Disk configuration...

Oracle Cluster Voting Disk configuration check passed

Checking to make sure user "oraprod" is not in "root" group
  Node Name     Status                    Comment
  ------------  ------------------------  ------------------------
  mkkprodracdb2   does not exist            passed
  mkkprodracdb1   does not exist            passed
Result: User "oraprod" is not part of "root" group. Check passed

Checking if Clusterware is installed on all nodes...
Check of Clusterware install passed

Checking if CTSS Resource is running on all nodes...
Check: CTSS Resource running on all nodes
  Node Name                             Status
  ------------------------------------  ------------------------
  mkkprodracdb2                           passed
  mkkprodracdb1                           passed
Result: CTSS resource check passed


Querying CTSS for time offset on all nodes...
Result: Query of CTSS for time offset passed

Check CTSS state started...
Check: CTSS state
  Node Name                             State
  ------------------------------------  ------------------------
  mkkprodracdb2                           Observer
  mkkprodracdb1                           Observer
CTSS is in Observer state. Switching over to clock synchronization checks using NTP


Starting Clock synchronization checks using Network Time Protocol(NTP)...

NTP Configuration file check started...
The NTP configuration file "/etc/ntp.conf" is available on all nodes
NTP Configuration file check passed

Checking daemon liveness...

Check: Liveness for "ntpd"
  Node Name                             Running?
  ------------------------------------  ------------------------
  mkkprodracdb2                           yes
  mkkprodracdb1                           yes
Result: Liveness check passed for "ntpd"

Checking NTP daemon command line for slewing option "-x"
Check: NTP daemon command line
  Node Name                             Slewing Option Set?
  ------------------------------------  ------------------------
  mkkprodracdb2                           yes
  mkkprodracdb1                           yes
Result:
NTP daemon slewing option check passed

Checking NTP daemon's boot time configuration, in file "/etc/sysconfig/ntpd", for slewing option "-x"

Check: NTP daemon's boot time configuration
  Node Name                             Slewing Option Set?
  ------------------------------------  ------------------------
  mkkprodracdb2                           yes
  mkkprodracdb1                           yes
Result:
NTP daemon's boot time configuration check for slewing option passed

NTP common Time Server Check started...
PRVF-5408 : NTP Time Server "192.5.41.41" is common only to the following nodes "mkkprodracdb1"
NTP Time Server "182.23.102.198" is common to all nodes on which the NTP daemon is running
PRVF-5408 : NTP Time Server "193.204.114.232" is common only to the following nodes "mkkprodracdb1"
PRVF-5408 : NTP Time Server "69.36.224.15" is common only to the following nodes "mkkprodracdb1"
NTP Time Server ".LOCL." is common to all nodes on which the NTP daemon is running
Check of common NTP Time Server passed

Clock time offset check from NTP Time Server started...
Checking on nodes "[mkkprodracdb2, mkkprodracdb1]"...
Check: Clock time offset from NTP Time Server

Time Server: 182.23.102.198
Time Offset Limit: 1000.0 msecs
  Node Name     Time Offset               Status
  ------------  ------------------------  ------------------------
  mkkprodracdb2   -25.438                   passed
  mkkprodracdb1   11.585                    passed
Time Server "182.23.102.198" has time offsets that are within permissible limits for nodes "[mkkprodracdb2, mkkprodracdb1]".

Time Server: .LOCL.
Time Offset Limit: 1000.0 msecs
  Node Name     Time Offset               Status
  ------------  ------------------------  ------------------------
  mkkprodracdb2   0.0                       passed
  mkkprodracdb1   0.0                       passed
Time Server ".LOCL." has time offsets that are within permissible limits for nodes "[mkkprodracdb2, mkkprodracdb1]".
Clock time offset check passed

Result: Clock synchronization check using Network Time Protocol(NTP) passed


Oracle Cluster Time Synchronization Services check passed

Post-check for cluster services setup was unsuccessful.
Checks did not pass for the following node(s):
        mkkprodracdb2
[oraprod@mkkprodracdb1 grid]$

The highlighted issue (the failed VIP node application check on mkkprodracdb2) was due to an IP conflict in DNS. After the IP conflict was resolved in DNS and root.sh was run on both database server nodes, the following steps were performed to add the VIP manually.

After the IP conflict is resolved, manually run the following commands from db02:

# ./srvctl add vip -n mkkprodracdb2 -k 1 -A mkkprodracdb2-vip/255.255.255.0/eth0
# ./srvctl start vip -n mkkprodracdb2
# ./srvctl start listener -n mkkprodracdb2




Cluster Verification Utility Before 11gR2 Grid Infrastructure Installation


Before proceeding with the Grid installation, make sure all of the following errors are corrected:

[oraprod@mkkprodracdb1 grid]$ ./runcluvfy.sh stage -pre crsinst -n mkkprodracdb1,mkkprodracdb2

Performing pre-checks for cluster services setup

Checking node reachability...
Node reachability check passed from node "mkkprodracdb1"


Checking user equivalence...
User equivalence check passed for user "oraprod"

Checking node connectivity...

Checking hosts config file...

Verification of the hosts config file successful

Node connectivity passed for subnet "172.16.1.0" with node(s) mkkprodracdb2,mkkprodracdb1
TCP connectivity check passed for subnet "172.16.1.0"


Interfaces found on subnet "172.16.1.0" that are likely candidates for VIP are:
mkkprodracdb2 eth0:172.16.1.155
mkkprodracdb1 eth0:172.16.1.154

WARNING:
Could not find a suitable set of interfaces for the private interconnect

Node connectivity check passed

Total memory check passed
Available memory check passed
Swap space check passed
Free disk space check passed for "mkkprodracdb2:/tmp"
Free disk space check passed for "mkkprodracdb1:/tmp"
User existence check passed for "oraprod"
Group existence check failed for "oinstall"
Check failed on nodes:
        mkkprodracdb2,mkkprodracdb1
Group existence check passed for "dba"
Membership check for user "oraprod" in group "oinstall" [as Primary] failed
Check failed on nodes:
        mkkprodracdb2,mkkprodracdb1
Membership check for user "oraprod" in group "dba" passed
Run level check passed
Hard limits check passed for "maximum open file descriptors"
Soft limits check passed for "maximum open file descriptors"
Hard limits check passed for "maximum user processes"
Soft limits check passed for "maximum user processes"
System architecture check passed
Kernel version check passed
Kernel parameter check passed for "semmsl"
Kernel parameter check passed for "semmns"
Kernel parameter check passed for "semopm"
Kernel parameter check passed for "semmni"
Kernel parameter check passed for "shmmax"
Kernel parameter check passed for "shmmni"
Kernel parameter check passed for "shmall"
Kernel parameter check failed for "file-max"
Check failed on nodes:
        mkkprodracdb2,mkkprodracdb1
Kernel parameter check passed for "ip_local_port_range"
Kernel parameter check passed for "rmem_default"
Kernel parameter check passed for "rmem_max"
Kernel parameter check passed for "wmem_default"
Kernel parameter check passed for "wmem_max"
Kernel parameter check failed for "aio-max-nr"
Check failed on nodes:
        mkkprodracdb2,mkkprodracdb1
Package existence check passed for "ocfs2-tools-1.2.7"
Package existence check passed for "make-3.81"
Package existence check passed for "binutils-2.17.50.0.6"
Package existence check passed for "gcc-4.1"
Package existence check passed for "libaio-0.3.106 (i386)"
Package existence check passed for "libaio-0.3.106 (x86_64)"
Package existence check passed for "glibc-2.5-24 (i686)"
Package existence check passed for "glibc-2.5-24 (x86_64)"
Package existence check passed for "compat-libstdc++-33-3.2.3 (i386)"
Package existence check passed for "compat-libstdc++-33-3.2.3 (x86_64)"
Package existence check passed for "elfutils-libelf-0.125 (x86_64)"
Package existence check passed for "elfutils-libelf-devel-0.125"
Package existence check passed for "glibc-common-2.5"
Package existence check passed for "glibc-devel-2.5 (i386)"
Package existence check passed for "glibc-devel-2.5 (x86_64)"
Package existence check passed for "glibc-headers-2.5"
Package existence check passed for "gcc-c++-4.1.2"
Package existence check failed for "libaio-devel-0.3.106 (i386)"
Check failed on nodes:
        mkkprodracdb2
Package existence check failed for "libaio-devel-0.3.106 (x86_64)"
Check failed on nodes:
        mkkprodracdb2,mkkprodracdb1
Package existence check passed for "libgcc-4.1.2 (i386)"
Package existence check passed for "libgcc-4.1.2 (x86_64)"
Package existence check passed for "libstdc++-4.1.2 (i386)"
Package existence check passed for "libstdc++-4.1.2 (x86_64)"
Package existence check passed for "libstdc++-devel-4.1.2 (x86_64)"
Package existence check passed for "sysstat-7.0.2"
Package existence check passed for "unixODBC-2.2.11 (i386)"
Package existence check failed for "unixODBC-2.2.11 (x86_64)"
Check failed on nodes:
        mkkprodracdb2,mkkprodracdb1
Package existence check passed for "unixODBC-devel-2.2.11 (i386)"
Package existence check failed for "unixODBC-devel-2.2.11 (x86_64)"
Check failed on nodes:
        mkkprodracdb2,mkkprodracdb1
Package existence check passed for "ksh-20060214"
Check for multiple users with UID value 0 passed
Current group ID check passed
Core file name pattern consistency check passed.

User "oraprod" is not part of "root" group. Check passed
Default user file creation mask check passed

Starting Clock synchronization checks using Network Time Protocol(NTP)...

NTP Configuration file check started...
NTP Configuration file check passed

Checking daemon liveness...
Liveness check passed for "ntpd"

NTP daemon slewing option check passed

NTP daemon's boot time configuration check for slewing option passed

NTP common Time Server Check started...
PRVF-5408 : NTP Time Server "128.252.19.1" is common only to the following nodes "mkkprodracdb1"
PRVF-5408 : NTP Time Server "93.84.115.2" is common only to the following nodes "mkkprodracdb1"
PRVF-5408 : NTP Time Server "69.164.222.108" is common only to the following nodes "mkkprodracdb1"
Check of common NTP Time Server passed

Clock time offset check from NTP Time Server started...
PRVF-5413 : Node "mkkprodracdb1" has a time offset of 188828.0 that is beyond permissible limit of 1000.0 from NTP Time Server "172.16.1.11"
Clock time offset check passed

Clock synchronization check using Network Time Protocol(NTP) passed


Pre-check for cluster services setup was unsuccessful on all the nodes.
[oraprod@mkkprodracdb1 grid]$


Use the following command to check networking set up with CVU:
./runcluvfy.sh comp nodecon -n mkkprodracdb1,mkkprodracdb2


Reference:
10gR2, 11gR1 and 11gR2 Oracle Clusterware (CRS / Grid Infrastructure) & RAC Command (crsctl, srvctl, cluvfy etc) Syntax and Reference [ID 1332452.1]

After Changing LDAP Providers, Users Are Not Picking Up Correct Rights or Permissions When Logging In



Cause Justification:

This issue is caused because the user logging in does not have administrative rights, or Imaging is not picking up the correct administrative rights for the user, so the user is being presented with basic options without any of the configuration menus.
If using a new or changed LDAP provider, the latter can happen because the user's or group's GUIDs from the LDAP provider are cached from the initial startup of Imaging, and so may not match the new GUIDs. This means that the users are not receiving the proper rights, and so are being logged in as normal users with basic rights.


To resolve this issue, you must ensure that the user logging in is an administrator within WebLogic Server. If the issue occurred after adding or changing LDAP providers, you can refresh/reset the cached GUID values in the Imaging security tables, by performing one of the following solutions:

Method 1, via the WLST tool:

Step#1: Connect to WLST tool using following steps:
. ${HOME}/db_wls_env.sh
cd ${MW_HOME}/Oracle_ECM1/common/bin
./wlst.sh
wls:/offline> connect()
Supply username, password, server URL

wls:/offline> connect()
Please enter your username :weblogic
Please enter your password :
Please enter your server URL [t3://localhost:7001] :
Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'mkkbase_domain'.

Step#2: Execute the following command to refresh the GUIDs:
wls:/mkkbase_domain/serverConfig> refreshIPMSecurity()
wls:/mkkbase_domain/serverConfig> exit()

Step#3: Login to IPM Database using PL/SQL Developer and Check the following three tables, to ensure that their GUID columns are refreshed:
SYSTEM_SECURITY
DEFINITION_SECURITY
DOCUMENT_SECURITY

Method 2, via the Enterprise Manager front end:

1. Log in to the EM Console (http://mkkaixserver1:7001/em).
2. Navigate down to the Imaging server under the Weblogic Domain Folder.
3. Once the right hand pane refreshes, click on the 'WebLogic Server' drop down menu and select 'System MBean Browser'.
4. On the MBean Browser tree go to Application Defined MBeans --> oracle.imaging --> Server: IPM_server1 --> cmd --> cmd
5. Click on the 'refreshIPMSecurity' link on the right hand pane.
6. Press Invoke button.

7. Log in to the IPM database using PL/SQL Developer and check the following three tables to ensure that their GUID columns are refreshed:
SYSTEM_SECURITY
DEFINITION_SECURITY
DOCUMENT_SECURITY

If the above steps fail, the next solution is to manually truncate the IPM security tables and change the admin user:

1. Clear the Imaging System_Security table with either a truncate table or a delete from System_Security command. The statements below first back up and then truncate all three security tables:
create table DEV1_IPM.SYSTEM_SECURITY_20120207 as select * from DEV1_IPM.SYSTEM_SECURITY;
create table DEV1_IPM.DEFINITION_SECURITY_20120207 as select * from DEV1_IPM.DEFINITION_SECURITY;
create table DEV1_IPM.DOCUMENT_SECURITY_20120207 as select * from DEV1_IPM.DOCUMENT_SECURITY;
truncate table DEV1_IPM.SYSTEM_SECURITY;
truncate table DEV1_IPM.DEFINITION_SECURITY;
truncate table DEV1_IPM.DOCUMENT_SECURITY;

2. Restart the IPM Server Only

3. Log in as MKKIPMADMIN as the first user to IPM after the restart. MKKIPMADMIN will then be the new administrator for IPM.

How to do the FINEST Logging for IPM?


1. Login to WebLogic EM Console: http://mkkaixserver1.mkkdomain.intranet:7001/EM
2. Expand the WebLogic Domain.
3. Expand the Domain Name.
4. Click on IPM_SERVER (default install name = IPM_server1).
5. Click on the WebLogic Server control Fly out menu and select Logs -> Log Configuration.
6. Select the Log levels tab.
7. Set the View section to Runtime Loggers.
8. Expand the Root Logger. (if there is no expansion available, see below for steps on adding it)
9. Expand oracle.
10. Expand oracle.imaging.
11. Expand oracle.imaging.service.
12. At this point, you should see the oracle.imaging.service.exceptions.
13. Set this to FINEST.

If you do not see oracle.imaging.service.exceptions, this can be manually added by following these steps:
1. Collapse root loggers completely (else you will receive the error "javax.faces.model.NoRowAvailableException")
2. On the Log Configuration screen, set the View section to "Loggers With Persistent Log Level State".
3. On the bottom of the screen, expand Specify Loggers.
4. In the Name section, type "oracle.imaging.service.exceptions".
5. Set the Oracle Diagnostic Logging level to "FINEST".

IPM Diagnostic Logfile Location would be:
${MW_HOME}/user_projects/domains/mkkbase_domain/servers/IPM_server1/logs/IPM_server1-diagnostic.log

Various Start/Stop Options for WebCenter Content Management


To stop/start Oracle Content Server with the Oracle WebLogic Server Administration Console:

1. On the Administration Console Domain Structure navigation bar, select Environment, then Servers.
2. On the Conversion tab for the Summary of Servers section, select the name of the Oracle UCM server for the Oracle Content Server instance.
3. In the Settings for server_name section, click the Control tab.
4. In the Server Status area, click Shutdown.

To stop Oracle Content Server with Fusion Middleware Control:

1. In the Fusion Middleware Control navigation tree, expand the appropriate domain name (for example, UCM_ucm_domain).
2. Expand Content Management, then Universal Content Management, then Content Server.
3. Select the Oracle Content Server instance name (for example, Oracle Content Server (UCM_server1)). The home page for your Oracle Content Server instance displays.
4. From the UCM menu on the Oracle Content Server page, select Control, then Shut Down.... The Oracle Content Server instance is shut down.

To stop Oracle Content Server Using Script:

/d12/oraecm/Oracle/Middleware/user_projects/domains/mkkbase_domain/bin/stopManagedWebLogic.sh UCM_server1
/d12/oraecm/Oracle/Middleware/user_projects/domains/mkkbase_domain/stopWebLogic.sh
/d12/oraecm/Oracle/Middleware/user_projects/domains/mkkbase_domain/bin/stopManagedWebLogic.sh IPM_server1 http://mkkaixserver1.mkkdomain.intranet:7001

To start Oracle Content Server Using Script:

Start WebLogic Admin Services:
${MW_HOME}/user_projects/domains/mkkbase_domain/startWebLogic.sh

Start UCM Managed Services:
${MW_HOME}/user_projects/domains/mkkbase_domain/bin/startManagedWebLogic.sh UCM_server1

Start IPM Managed Services:
${MW_HOME}/user_projects/domains/mkkbase_domain/bin/startManagedWebLogic.sh IPM_server1 http://mkkaixserver1.mkkdomain.intranet:7001

Starting Weblogic Administration Server without Giving Password:

$ cat start_weblogic.sh
/d12/oraecm/Oracle/Middleware/user_projects/domains/mkkbase_domain/startWebLogic.sh \
-Dweblogic.management.username=weblogic \
-Dweblogic.management.password=***********

Enabling WebLogic/Managed Servers to Start Without Supplying Credentials


You can enable the Administration Server and Managed Servers to start without prompting you for the administrator username and password.

1. For the Administration Server, create a boot.properties file:

Create the following directory:
${MW_HOME}/user_projects/domains/mkkbase_domain/servers/AdminServer/security
mkkbase_domain >>> is the domain name

Use a text editor to create a file called boot.properties in the security directory created in the previous step, and enter the following lines in the file:
username=weblogic
password=*********

2. For each Managed Server:

Create the following directories:
${MW_HOME}/user_projects/domains/mkkbase_domain/servers/UCM_server1/security
${MW_HOME}/user_projects/domains/mkkbase_domain/servers/IPM_server1/security

Copy the boot.properties file you created for the Administration Server to the security directory of each Managed Server that you created in the previous step.

Restart the Administration Server and Managed Servers; they should no longer prompt for the WebLogic username and password.
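The boot.properties steps above as a script (an added example, not part of the original post). The function name write_boot_properties and the choice to read the password from standard input are assumptions made here; reading from stdin keeps the password out of the process argument list, and umask 077 plus chmod leaves the directories and files accessible to the owner only.

```shell
#!/bin/sh
# Added example (not from the original post). write_boot_properties is a
# hypothetical helper name; server names are the ones used on this page.
#
# usage: write_boot_properties <domain_home> <username> <server>...
# The password is read from standard input, so it never appears in argv.
write_boot_properties() {
    if [ $# -lt 3 ]; then
        echo "usage: write_boot_properties <domain_home> <username> <server>..." >&2
        return 1
    fi
    domain_home=$1
    wls_user=$2
    shift 2
    if [ ! -d "$domain_home/servers" ]; then
        echo "not a domain home: $domain_home" >&2
        return 1
    fi
    # read returns non-zero on EOF without a newline; the value is still set
    IFS= read -r wls_pass || true
    if [ -z "$wls_pass" ]; then
        echo "empty password on stdin" >&2
        return 1
    fi
    old_umask=$(umask)
    umask 077    # anything created below is owner-only
    rc=0
    for server in "$@"; do
        sec_dir="$domain_home/servers/$server/security"
        if ! mkdir -p "$sec_dir"; then rc=1; break; fi
        chmod 700 "$sec_dir"
        if ! printf 'username=%s\npassword=%s\n' "$wls_user" "$wls_pass" \
                > "$sec_dir/boot.properties"; then rc=1; break; fi
        chmod 600 "$sec_dir/boot.properties"   # also tightens a pre-existing file
    done
    umask "$old_umask"
    unset wls_pass
    return "$rc"
}

# Interactive use (terminal echo off while typing the password):
#   stty -echo; write_boot_properties "${MW_HOME}/user_projects/domains/mkkbase_domain" \
#       weblogic AdminServer UCM_server1 IPM_server1; stty echo
```

On the first start that uses the file, WebLogic replaces the clear-text username and password in boot.properties with encrypted values.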

Friday 9 November 2012

Modifying the VIP or VIP Hostname for 11gR2


Verification of Existing Configuration:

$ srvctl config nodeapps -a >>> Use this command to find the existing info
$ crsctl stat res -t >>> It should show VIPs are ONLINE
$ ifconfig -a



Stop all the relevant resources:

$ srvctl stop instance -d <db_name> -n <node_name>
$ srvctl stop vip -n <node_name> -f

To prevent the automatic startup of ASM or database instances until the change has been verified, one might want to disable the corresponding resources:
$ srvctl disable nodeapps
$ crsctl stat res -t >>> It should show VIPs are OFFLINE
$ ifconfig -a



Modifying VIP and Its Associated Attributes


As root user:
# srvctl modify nodeapps -n <node> -A <new_vip_address or new_vip_hostname>/<netmask>/<[if1[if2...]]>

From 11.2.0.2 onwards, the network resource can be modified directly via the srvctl modify network command.
As root user:
# srvctl modify network [-k <network_number>] [-S <subnet>/<netmask>[/if1[|if2...]]]



Start the nodeapps and the other resources

If the resources were disabled earlier, enable them now:
$ srvctl enable nodeapps
$ srvctl enable asm -n <node_name>
$ srvctl enable database -d <db_name>

$ srvctl start nodeapps -n <node_name>
$ srvctl start instance -d <db_name> -i <inst>
$ srvctl start asm -n <node_name>



Verification After Completion:

$ srvctl config nodeapps -a
$ crsctl stat res -t
$ ifconfig -a

Repeat the same steps on the remaining nodes in the cluster only if a similar change is required.