DOYENSYS Knowledge Portal




We Welcome you to visit our DOYENSYS KNOWLEDGE PORTAL : Doyensys Knowledge Portal




Tuesday, November 27, 2012

FRM-92101: There was a failure in the Forms Server during startup. This could happen due to invalid configuration.

Scenario:

After cloning, While launching the forms we get the following error

Error :

FRM-92101: There was a failure in the Forms Server during startup. This could happen due to invalid configuration.
Please look into the web-server log file for details.




Cause:

This is due to ldflags pointing to wrongly to PROD server which should points to (TEST/DEV) respective server.

Solution:

Source the Apps environment

Bring down the application

Cd $ORACLE_HOME/lib32

ls –lrt ldflags  -Would be pointing to production location

unlink  ldflags

ln -s   /u01/test/apps/tech_st/10.1.2/lib/ldflags ldflags (link to the right path)

cd $ORACLE_HOME/forms/lib32/

make -f ins_forms.mk install

Now restart the application and check for the same.

Error while loading shared libraries: libdb.so.2: cannot open shared object file

Scenario:

While starting Apache after clone we faced the following error.

[applmgr@trinity scripts]$ sh adapcctl.sh start
You are running adapcctl.sh version 120.7.12010000.2
Starting OPMN managed Oracle HTTP Server (OHS) instance ...
adapcctl.sh: exiting with status 204
adapcctl.sh: check the

 Check the following log file :
/db/VIS/inst/apps/VIS_doyen/logs/ora/10.1.3/opmn/HTTP_Server~1.log

Error :

/db/VIS/inst/apps/VIS_doyen/ora/10.1.3/Apache/Apache/bin/apachectl startssl: execing httpd
/db/VIS/apps/tech_st/10.1.3/Apache/Apache/bin/httpd: error while loading shared libraries: libdb.so.2: cannot open shared object file: No such file or directory


Cause:

http web server unable to start due to missing library.

Solution:

Create link for library file as below

ln -s /usr/lib/libgdbm.so.2.0.0 /usr/lib/libdb.so.2

Now start Apache and check the same.

[applmgr@DOYEN scripts]$ sh adapcctl.sh start
You are running adapcctl.sh version 120.7.12010000.2
Starting OPMN managed Oracle HTTP Server (OHS) instance ...
adapcctl.sh: exiting with status 0

Now you should be able to access the application.

Monday, November 26, 2012

Apps login shows blank page

Problem :

R12 AppsLocalLogin shows blank page

Check for the following log file
cd $LOG_HOME/ora/10.1.3/j2ee/oacore/oacore_default_group_1

vi application.log

Go to the end of the file and found the following error

Error :

12/11/26 11:12:19.657 html: chain failed
javax.servlet.ServletException: java.lang.RuntimeException: Guest user/pwd does not exist or match: GUEST/ORACLE at com.evermind[Oracle Containers for J2EE 10g  (10.1.3.4.0) ].server.http.EvermindPageContext.handlePageThrowable(EvermindPageContext.java:899)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.EvermindPageContext.handlePageException(EvermindPageContext.java:816)
at _AppsLocalLogin._jspService(_AppsLocalLogin.java:303)
at com.orionserver[Oracle Containers for J2EE 10g (10.1.3.4.0) ].http.OrionHttpJspPage.service(OrionHttpJspPage.java:59) at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:594) at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:518) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)
at oracle.apps.jtf.base.session.ReleaseResFilter.doFilter(ReleaseResFilter.java:26)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:15) at oracle.apps.fnd.security.AppsServletFilter.doFilter(AppsServletFilter.java:318) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.AJPRequestHandler.run(AJPRequestHandler.java:313) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.AJPRequestHandler.run(AJPRequestHandler.java:199)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)

Now we came to know that there is some problem with Guest user. So validate the Guest user

SQL> select FND_WEB_SEC.VALIDATE_LOGIN('GUEST','ORACLE') from dual;
FND_WEB_SEC.VALIDATE_LOGIN('GUEST','ORACLE')
--------------------------------------------------------------------------------
N
The above Query should show Y but it shows N. So we need to check for the reason
SQL> select fnd_message.get from dual;

GET
--------------------------------------------------------------------------------
Oracle error -449: ORA-00449: background process 'MMON' unexpectedly terminated
with error 448 has been detected in FND_WEB_SEC.VALIDATE_LOGIN(u,p).
So the above error states that there was Abnormal termination happened by MMON.

Solution:

Restart DB and Listener and apps and check for the Validation of Guest user

SQL> select FND_WEB_SEC.VALIDATE_LOGIN('GUEST','ORACLE') from dual;

FND_WEB_SEC.VALIDATE_LOGIN('GUEST','ORACLE')
--------------------------------------------------------------------------------
Y

Wednesday, November 7, 2012

Query to find the session that is generating more Archives

This Query is to find the session that is generating more Archives.

col program for a10
col username for a10
select to_char(sysdate,'hh24:mi'), username, program , a.sid, a.serial#, b.name, c.value
from v$session a, v$statname b, v$sesstat c
where b.STATISTIC# =c.STATISTIC#
and c.sid=a.sid and b.name like 'redo%'
order by value;

Tuesday, November 6, 2012

ORA-00600: internal error code, arguments: [krr_init_lbufs_1], [74]

Error :

=====

ORA-00600: internal error code, arguments: [krr_init_lbufs_1], [74]

Scenario:
=======
When we are applying the archives for recovering the database in the middle of a recovery we face this error after applying some of the archvies.

ORA-00279: change 568074198 generated at 03/13/2009 10:47:27 needed for thread 1

ORA-00289: suggestion :

/u02test/archivelogs/archivelog_test_1_2684_655528279.log

ORA-00280: change 556095143 for thread 1 is in sequence #2834

ORA-00278: log file '/u02test/archivelogs/

archivelog_test_1_2684_655528279.log'

no longer needed for this recovery

ORA-00283: recovery session canceled due to errors
ORA-00600: internal error code, arguments: [krr_init_lbufs_1], [74],[66],[43], [], [], [], [], [], [], [], []
ORA-01112: media recovery not started
Only 1 hit in metalink but fortunately a documented bypass ( from bug 7373196 evidently ).

Solution :
========

Bug in 64 bit 11.1.0.7 ...
Shut down the instance
Add the following parameter in pfile
_max_io_size=4194304

Now mount the same and start the recovery.

Friday, October 12, 2012

Secure Configuration Guide for Oracle E-Business Suite Release 12 From Metalink



Security is very important factors for Oracle Apps DBAs.


The Metalink Doc : [ID 403537.1], Secure Configuration Guide for Oracle E-Business Suite Release 12, Shares us the Guide for R12 Security configuration and Security check script.


Login to metalink and make us of it .... Very helpful Security Guide and Scripts are very helpful too..


Below are the Extracts (Unless you have metalink access, you wont get those these).


Secure Configuration Guide for Oracle E-Business Suite Release 12


This document provides practical advice for secure configuration of the Oracle E-Business Suite Release 12.0 and 12.1.


Secure Configuration Guide for Oracle E-Business Suite Release 12 Version 1.1.1 (PDF)


Additionally, the following zip file provides a set of scripts to verify the proper setting of many of the values recommended in this document.


Oracle E-Business Suite Security Configuration Check Scripts (ZIP)


The document contains the following sections:

•Overview ◦Keep software up to date
◦Restrict network access to critical services
◦Follow the principle of least privilege
◦Monitor system activity
◦Keep up to date on latest security information

• Oracle TNS Listener Security ◦Harden operating environment

◦Add IP restrictions or enable Valid Node Checking
◦Specify connection timeout
◦Enable encryption of network traffic
◦Enable TNS Listener password (only if required)
◦Enable admin restrictions
◦Enable TNS Listener logging

• Oracle Database Security ◦Harden operating environment

◦Disable XDB
◦Review database links
◦Remove operating system trusted remote logon
◦Implement two profiles for password management
◦Change default installation passwords
◦Restrict access to SQL trace files
◦Remove operating system trusted remote roles
◦Limit file system access within PL/SQL
◦Limit dictionary access
◦Revoke unneccessary grants given to APPLSYSPUB
◦Configure the database for auditing
◦Audit database connections
◦Audit database schema changes
◦Audit other activities
◦Audit administrators and their actions
◦Review audit records
◦Maintain audit records
◦Secure audit records

• Oracle Application Tier Security ◦Harden operating environment

◦Harden Apache configuration
◦Protect administrative web pages
◦Configure logging

• Oracle E-Business Suite Security

◦Harden operating environment
◦Strike passwords from adpatch logs
◦Set Workflow notification mailer SEND_ACCESS_KEY to N
◦Set Tools environment variables
◦Restrict filetypes that may be uploaded
◦Enable Antisamy HTML filter
◦Use SSL (HTTPS) between browser and web server
◦Avoid Weak Ciphers and Protocols for SSL (HTTPS)
◦Use External Webtier if exposing any part of EBS to the internet
◦Use Terminal Services for client-server programs
◦Change passwords for seeded application user accounts
◦Switch to Hashed Passwords
◦Tighten logon and session profile options
◦Consider using Single-Sign-On
◦Create new user accounts safely
◦Create shared responsibilities instead of shared accounts
◦Configure Concurrent Manager for safe authentication
◦Configure Concurrent Manager for Start and Stop without the APPS password
◦Activate Server Security
◦Create DBC files securely
◦Review and limit Responsibilities and Permissions
◦Set other security related profile options
◦Restrict responsibilities by web server trust level
◦Set Sign-On audit level
◦Monitor system activity with OAM
◦Retrieve audit records using Reports
◦Retrieve audit records using SQL
◦Purge audit records
◦Review data tracked (no Reports available)
◦Configuring audit trail
◦Generate and identify audit trail objects
◦Choose tables to audit
◦Retrieve audit records using SQL
◦Purge audit records
◦References on Oracle E-Business Suite auditing

• Desktop Security

◦Configure browser
◦Update browser
◦Turn off AutoComplete
◦Set policy for unattended PC sessions
• Operating Environment Security ◦Cleanup file ownership and access
◦Cleanup file permissions
◦Lockdown operating system libraries and programs
◦Filter IP packets
◦Prevent spoofing
◦Eliminate telnet, rsh and ftp daemons
◦Verify network configuration
◦Monitor for attacks
◦Configure accounts securely
◦Limit root access
◦Manage user accounts
◦Secure NFS
◦Secure operating system devices
◦Secure executables
◦Secure file access

• Extras for Experts

◦Detect and Prevent Duplicate User Sessions
◦Customize Password Validation
◦Encrypt Credit Cards
◦Advanced Security/Networking Option (ASO/ANO)
◦Advanced Security/Transparent Data Encryption (ASO/TDE)
◦Practice Safe Cloning
◦Hardening External Procedure (EXTPROC) Services
◦EXTPROC Listener Configuration
◦EXTPROC Testing Procedure

• Appendix A: Running Web-Scanning Tools

• Appendix B: Sensitive Administrative Pages
• Appendix C: Database Schemas found in Oracle E-Business Suite
• Appendix D: Processes used by Oracle E-Business Suite
• Appendix E: Ports used by Oracle E-Business Suite
• Appendix F: Sample Linux Hardening of the Application Tier
• Appendix G: Security Check Scripts
• Appendix H: References & More Resources

Keywords: E-Business, Secure Configuration, Hardening, Best Practice, Security

Monday, October 8, 2012

AFPASSWD - New password utility in EBS 12.1.2


AFPASSWD:

In R12.1.1 and before oracle EBS Versions EBS passwords are changed using FNDCPASS.
AFPASSWD Usage and Syntax:
 -h - Displays help.
From R12.1.2 Oracle has come up with another Utility AFPASSWD for the same purpose.
Advantage is that you can run AFPASSWD utility from DB tier or from Midtier where as FNDCPASS can only be run from midtier side.

AFPASSWD is an enhanced version of FNDCPASS, and includes the following features:
     AFPASSWD only prompts for passwords required for the current operation,
allowing separation of duties between applications administrators and database administrators.
This also improves interoperability with Oracle Database Vault. In contrast, the FNDCPASS utility currently requires specification of the APPS and the SYSTEM usernames and corresponding passwords, preventing separation of duties between applications administrators and database administrators.
   
     When changing a password with AFPASSWD, the user is prompted to enter the
New password twice to confirm.
  
     AFPASSWD can be run from the database tier as well as the application tier. In
contrast, FNDCPASS can only be run from the application tier.

AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] [-f <FNDUSER>]

AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] [-o <DBUSER>]

AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] [-a]

AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] [-l <ORACLEUSER> [<TRUE>] |[<FALSE>]]

AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] [-L [<TRUE>] | [<FALSE>]]

AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] [-s] <APPLSYS>

These options have the following functions:

-c {APPSUSER}[@{TWO_TASK}] - Specifies the connection string to use, the
Applications user, and/or the value of TWO_TASK. This option can be use in
combination with others. If it is not specified, default values from the environment
will be used.
Note: The password will be prompted for, and is not to be
provided in the connection string.
-f {FNDUSER} - Changes the password for an Applications user. A username that
contains spaces must be enclosed in double quotation marks; for example, "JOHN
SMITH".

-o {DBUSER} - Changes the password for an Oracle E-Business Suite database user.
Note: This only applies to users listed in the FND_ORACLE_USERID table, not database users in general.

 -a - Changes all Oracle (ALLORACLE) passwords (except the passwords of APPS,APPLSYS, APPLSYSPUB) to the same password, in the same way as the ALLORACLE mode does in FNDCPASS.

 -l - Locks individual {ORACLE_USER} users (except required schemas). {TRUE} =LOCK, {FALSE} = UNLOCK.

 -L - Locks all Oracle (ALLORACLE) users (except required schemas). {TRUE} =LOCK, {FALSE} = UNLOCK.

 -s {APPLSYS} - Changes the password for the APPLSYS user and the APPS user. This requires the execution of autoconfig (in ALL-TIERS) to distribute the changes on your instance \
Ie: DB-TIER and ADMIN-TIER.


Run autoconfig on db tier and application tier after changing apps password:

Saturday, October 6, 2012

FRM-92095 Oracle Jinitiator version too low


FRM-92095 Oracle Jinitiator version too low:
Disable JRE 1.7 Auto-Update for All E-Business Suite and Oracle Forms End-Users

Oracle Support advising all Forms and EBS users to urgently disable auto-update of the JRE on your end users PC. If you have Auto-Update enabled, your JRE 1.6 version will be updated to JRE 7.

Unfortunately Oracle Forms is not compatible with JRE 7 yet AND
JRE 7 has not been certified with Oracle E-Business Suite yet.

Basically all Oracle E-Business Suite functionality based on Forms — e.g. Financials —
will stop working if you upgrade to JRE 7.

Temporary Solution:

If an  end-user’s desktop has been upgraded to JRE 1.7,  and you get the error message
FRM-92095: Oracle Jnitiator version too low – please install version 1.1.8.2 or higher

Note: ID 1348436.1    and a bug exists ( not yet fixed )
 Bug:11782681 APPS6: FORMS DO NOT LAUNCH WITH BETA JRE 1.7

If the deed has been done and your PC took over and upgraded your JRE
and you are unable to run Oracle Forms have no fear. just follow the steps below.

Uninstall JRE 1.7
Reinstall the latest JRE 1.6 release – Download the Java 6
http://www.java.com/en/download/manual_v6.jsp

If you want to create a silent JRE install so you can update in batch, you can checkout 
Metalink  Note: 362488.1 – How To Do A Silent Install Of Jinitiator From The Browser?

Wednesday, October 3, 2012

Oracle Standard Script to find all the Oralce Applications Product related details


One Stop Oracle Standard Script to find all the Oralce Applications Product related details

In AD Top we have script by name adutconf.sql ($AD_TOP/sql/adutconf.sql) file which gives

Product Group Information
Multi-Org enabled or not
Existing Operating Units
Multi-Currency enabled or not
Registered Applications
Registered ORACLE Schemas
Product Installation Status, Version Info and Patch Level
Product Database Configuration
Localization Module Information
Registered Data Groups
Base language and other Installed languages
NLS Settings
Replication Package Installed or not

How to run this script.

1. Login to application tier
2. source the applications env
3. cd $AD_TOP/sql
4. login to apps schema through sqlplus

sqlplus  apps @adutconf.sql

###~~~## it will prompt for apps password provide apps password.

the output will be generated in $AD_TOP/sql folder itself as adutconf.lst

Make use of it...This will be useful for most of you....

Yours
Narasimha Rao

EBusiness Suite Application Techstack component Versions


One Stop Standard Script to Oracle E-BS Application Techstack component Versions:

Really Required for Apps DBAs

MOS ID :601736.1

On Application Tier

  1. Establish the needed environment parameters by sourcing the Applications environment file as the owner of the application tier file system.
  1. Ensure "APPLRGF" variable is set in environment. If not, set it to the same value as "APPLTMP".
  1. Navigate to /patch/115/bin. Run the utility/command as follows :

    Operation SystemCommand Line
    Unix or Linux









    $ADPERLPRG $FND_TOP/patch/115/bin/TXKScript.pl \
    -script=$FND_TOP/patch/115/bin/txkInventory.pl -txktop=$APPLTMP \
    -contextfile=$CONTEXT_FILE \
    -appspass=apps \
    -outfile=$APPLTMP/Report_App_Inventory.html

    Note:
    - Run the above command in single line
    - Remove the '\' after each parameter while you run this command in a single line
    - Supply the apps user password as is applicable for parameter "-appspass"
    Windows








    %ADPERLPRG% %FND_TOP%\patch\115\bin\TXKScript.pl
    -script=%FND_TOP%\patch\115\bin\txkInventory.pl
    -txktop=%APPLTMP% -contextfile=%CONTEXT_FILE%
    -appspass=apps
    -outfile=%APPLTMP%\Report_App_Inventory.html
    Note:
    - Run the above command in single line
    - Remove the '\' after each parameter while you run this command in a single line
    - Supply the apps user password as is applicable for parameter "-appspass"

    Where:
    txktopTemporary working directory use by Perl Modules. Should not be an empty string.
    contextfileLocation of the context file. If not passed, default is picked from the environment.
    appspassAPPS schema password. If not passed, default password is used.
    outfileLocation for the report being generated. If not passed, the default location is /TXK

    To generate the report in text format, the parameter "-reporttype=text" needs to be passed to the above commands. For example:
    outfile=$APPLTMP/Report_App_Inventory.html -reporttype=text
  1. Operation SystemCommand Line
    Unix or Linux









    $ADPERLPRG $FND_TOP/patch/115/bin/TXKScript.pl \
    -script=$FND_TOP/patch/115/bin/txkInventory.pl -txktop=$APPLTMP \
    -contextfile=$CONTEXT_FILE \
    -appspass=apps \
    -outfile=$APPLTMP/Report_App_Inventory.html

    Note:
    - Run the above command in single line
    - Remove the '\' after each parameter while you run this command in a single line
    - Supply the apps user password as is applicable for parameter "-appspass"
    Windows








    %ADPERLPRG% %FND_TOP%\patch\115\bin\TXKScript.pl
    -script=%FND_TOP%\patch\115\bin\txkInventory.pl
    -txktop=%APPLTMP% -contextfile=%CONTEXT_FILE%
    -appspass=apps
    -outfile=%APPLTMP%\Report_App_Inventory.html
    Note:
    - Run the above command in single line
    - Remove the '\' after each parameter while you run this command in a single line
    - Supply the apps user password as is applicable for parameter "-appspass"

  1. Where:
  1. txktopTemporary working directory use by Perl Modules. Should not be an empty string.
    contextfileLocation of the context file. If not passed, default is picked from the environment.
    appspassAPPS schema password. If not passed, default password is used.
    outfileLocation for the report being generated. If not passed, the default location is /TXK
  1. To generate the report in text format, the parameter "-reporttype=text" needs to be passed to the above commands. For example:
  1. outfile=$APPLTMP/Report_App_Inventory.html -reporttype=text
  1. Once the command executes successfully, it should generate the report file in the location specified for "outfile" parameter in above script
  1. Incase you have more than one application tier's (multi-node architecture), follow the steps 1-4 on each of the Application tiers
  1. Upload the report output file (default: $APPLTMP/Report_App_Inventory.html )to Oracle Support for review

Sure it helps you....please comment.

Yours,
Narasimha Rao