Thursday, May 24, 2012

end date to the users in apps


/* Formatted on 2012/05/24 12:16 (Formatter Plus v4.8.8) */
DECLARE
   x   NUMBER;

   CURSOR c1
   IS
      SELECT user_name, user_id
        FROM fnd_user
       WHERE user_id IN
                (2522, 2584, 2286, 3430, 4067, 4193, 2360, 4171, 3896, 1818,
                 2544, 2533, 1165, 1569, 1571, 2416, 2649, 3136, 2620, 5682,
                 2872, 1210, 2912, 1384, 2514, 2540, 5382, 3322, 1313, 2735,
                 1389, 1719, 2671, 2321, 4451, 4151, 3429, 5762, 5662, 2437,
                 2290, 2436, 2498, 2419, 2580, 1010, 3995, 4172, 2784, 4552,
                 2412, 2318, 1839, 2481, 2483, 2313, 1390, 3990, 2602, 3997,
                 2851, 4456, 4300, 2489, 1977, 2017, 2018, 5130, 4654, 5279,
                 5522, 2876, 4148, 2840, 2398, 2179, 2357, 2524, 3034, 2675,
                 1796, 4365, 2623, 1841, 4026, 5174, 2410, 1493, 1492, 1491,
                 1490, 1620, 1621, 2277, 4301, 3977, 3590, 3199, 1183, 2260,
                 2465, 2753, 3202, 2608, 4000, 5320, 2534, 2507, 4815, 2607,
                 2933, 2307, 4736, 3174, 3937, 2890, 5220, 2601, 2508, 3434,
                 1669, 2340, 1160, 2510, 3894, 2509, 1195, 2309, 3898, 1172,
                 4859, 1418, 2515, 4695, 5422, 5088, 3074, 3913, 1009, 1008,
                 2777, 4152, 2344, 1013, 1012, 1937, 3425, 2757, 4674, 2771,
                 1594, 1595, 5259, 4347, 5542, 2305, 2291, 2535, 3198, 2355,
                 5239, 3469, 2467, 1284, 1957, 2358, 1648, 1649, 2266, 2249,
                 4532, 5196, 4714, 4386, 1141, 4169, 2384, 2241, 2606, 2774,
                 4068, 2468, 5217, 4066, 2302, 2755, 2270, 3916, 1185, 1176,
                 1259, 2611, 5281, 2572, 3988, 4472, 2479, 2411, 5460, 5129,
                 1170, 1164, 2354, 2256, 4492, 1512, 4634, 5221, 3751, 5300,
                 1187, 3261, 2141, 2325, 4961, 2758, 4454, 2617, 2622, 2873,
                 2528, 2624, 2633, 1623, 1624, 3428, 2557, 3014, 2493, 3016,
                 1169, 2387, 2369, 2836, 5216, 2263, 2314, 2835, 1239, 2596,
                 2676, 5401, 1154, 2376, 1395, 2292, 2590, 2597, 5046, 2841,
                 2750, 2331, 2589, 2595, 2571, 2461, 2362, 4257, 5002, 1715,
                 4363, 2932, 2631, 1319, 3651, 1112, 3472, 1711, 2177, 3491,
                 4237, 2677, 2322, 1191, 2621, 2303, 1216, 1917, 5154, 2795,
                 1781, 3989, 1347, 2775, 5502, 2284, 4614, 3015, 2577, 1396,
                 2367, 2770, 2381, 2603, 5218, 2272, 2440, 4345, 5260, 1148,
                 4346, 4429, 2549, 2265, 3987, 3235, 2752, 2393, 3181, 2471,
                 1718, 2605, 5642, 1619, 1157, 4410, 2530, 3214, 2538, 4876,
                 2448, 2432, 2733, 2330, 2878, 1159, 3652, 2769, 2751, 4959,
                 2261, 2138, 2388, 4406, 2377, 2057, 1714, 5003, 1211, 5299,
                 1242, 2504, 2581, 3405, 1432, 1385, 1150, 1757, 2594, 2403,
                 4407, 2574, 2674, 1294, 2327, 2059, 4411, 4457, 3570, 2673,
                 3447, 2294, 2474, 2567, 1194, 2838, 2555, 4342, 1113, 5340,
                 2793, 4633, 3431, 4214, 1753, 2477, 3999, 2454, 3234, 2599,
                 2337, 2257, 3096, 2276, 3983, 2593, 1423, 4006, 4007, 1219,
                 1011, 1568, 1570, 1565, 1567, 1562, 1563, 1574, 1575, 1449,
                 1448, 5742, 5622, 5702, 5603, 5602, 5623, 5604, 1419, 1420,
                 1838, 1188, 1519, 1518, 1189, 1429, 1428, 1424, 1576, 1577,
                 1517, 5151, 5006, 1559, 1558, 1495, 1494, 1468, 1469, 1572,
                 1573, 3194, 2366, 2060, 1939, 4857, 2798, 1421, 1422, 1497,
                 1496, 2460, 2444, 2425, 1564, 1566, 1509, 1508, 2335, 1561,
                 1560, 1515, 1514, 5380, 3195, 2815, 1713, 4960, 2275, 3367,
                 1314, 2782, 3897, 4572, 2781, 2392, 2954, 5087, 3076, 2879,
                 2779, 2501, 1760, 2995, 4001, 2364, 2297, 2041, 2842, 3017,
                 1616, 1840, 4086, 4919, 2299, 1208, 5109, 4734, 2797, 3488,
                 3178, 4362, 2521, 3530, 5195, 3991, 2421, 2346, 4449, 4147,
                 2604, 1180, 4858, 5066, 4455, 2614, 2884, 1346, 2455, 3550,
                 1212, 4592, 2473, 3445, 2259, 3098, 1179, 2847, 3077, 1196,
                 1510, 1857, 1178, 2636, 4939, 2434, 2634, 2729, 1325, 2628,
                 2445, 5219, 2281, 2503, 1342, 2543, 2794, 3054, 3571, 5400,
                 2300, 2560, 4862, 2178, 2258, 2478, 5111, 2462, 2569, 2295,
                 1712, 1143, 1387, 2470, 5381, 1218, 2568, 3984, 3992, 2780,
                 2887, 2487, 4453, 4344, 5261, 2433, 1668, 2626, 2315, 1716,
                 5005, 3134, 3115, 4898, 2279, 3259, 3985, 1289, 3432, 1625,
                 1626, 1513, 2139, 2273, 2500, 4298, 2502, 2469, 2536, 2352,
                 2582, 2356, 3982, 3433, 4899, 1198, 2365, 1115, 1204, 1776,
                 2289, 2516, 4735, 2476, 2495, 3094, 4635, 2552, 3981, 1240,
                 3471, 3179, 1244, 1427, 1193, 2525, 2037, 2304, 2672, 2457,
                 2488, 4302, 2852, 2396, 5441, 1140, 2888, 2891, 2609, 2527,
                 2532, 4836, 2881, 3154, 2042, 3260, 4755, 2550, 2482, 1166,
                 2301, 4694, 3914, 1386, 4107, 2242, 3342, 2418, 2570, 2576,
                 2306, 5026, 4452, 4408, 4106, 2252, 3895, 3467, 2407, 4150,
                 3510, 2618, 4127, 4233, 4512, 4174, 2934, 1612, 2320, 5360,
                 2670, 2844, 2288, 3468, 2563, 1135, 3998, 4715, 3262, 2439,
                 4450, 2378, 2458, 2556, 2615, 2218, 3771, 2383, 2254, 5722,
                 3078, 2610, 3986, 2404, 2913, 3490, 2787, 1281, 5004, 4860,
                 4856, 4897, 1614, 3470, 2813, 2592, 2785, 2405, 3257, 2280,
                 2619, 4364, 2632, 1184, 1322, 3980, 2408, 2385, 2449, 2443,
                 2140, 2341, 1192, 2370, 1393, 4005, 2523, 2773, 3255, 2217,
                 1381, 3893, 2039, 1897, 3917, 4775, 2776, 4385, 3101, 4297,
                 2077, 1425, 5110, 2267, 2453, 3427, 1006, 2359, 4003, 2484,
                 2466, 2247, 4277, 5480, 5481, 4612, 4409, 2880, 2541, 4236,
                 1756, 2494, 4170, 2463, 3993, 2342, 2583, 4149, 4981, 3095,
                 2038, 4002, 5001, 5131, 1326, 5562, 1592, 1593, 5301, 1241,
                 3691, 2539, 2395, 5482, 1511, 3075, 5222, 1538, 2417, 1199,
                 2627, 2237, 2409, 2250, 5440, 1489, 1488, 2848, 4613, 4861,
                 4835, 1344, 5503, 5582, 2564, 2450, 2248, 2519, 1092, 5683,
                 2565, 3978, 2850, 2573, 4235, 3979, 2711, 2877, 2464, 4234,
                 5089, 4920, 5302, 2022, 2019, 2021, 2023, 2020, 2406, 1316,
                 4299, 1168, 2391, 2397, 2559, 2548, 1147, 2814, 5421, 2239,
                 1394, 2058, 1200, 2431, 1280, 2977, 1397, 2886, 2400, 2496,
                 2490, 3446, 2379, 3631, 2475, 5194, 3344, 1283, 1731, 2348,
                 4795, 2441, 2380, 1324, 1426, 1822, 2274, 3142, 4343, 1138,
                 3489, 2754, 4896, 4046, 1618, 1139, 2587, 2996, 2157, 3813,
                 2849, 2883, 7, 1156, 1181);
BEGIN
   FOR x1 IN c1
   LOOP
      BEGIN
         fnd_user_pkg.updateuser (x_user_name      => x1.user_name,
                                  x_owner          => 'CUST',
                                  x_end_date       => SYSDATE
                                 );
         x := x + 1;
         DBMS_OUTPUT.put_line (   'User disabled , User Name: '
                               || x1.user_name
                               || ' User_id: '
                               || x1.user_id
                              );
      EXCEPTION
         WHEN OTHERS
         THEN
            NULL;
      END;
   END LOOP;

   DBMS_OUTPUT.put_line ('No of Users disabled : ' || x);
EXCEPTION
   WHEN OTHERS
   THEN
      NULL;
END;
Posted by at 1 comment:

Wednesday, May 23, 2012

SWITHCOVER PROCESS


SWITHCOVER PROCESS


NOTE: - 172.31.1.7 PRIMARY DATABASE

1.Check List Activity (Primary, Local and Remote)

SQL> select name, switchover_status, database_role from v$database;

NAME SWITCHOVER_STATUS DATABASE_ROLE
--------- ------------------ ----------------
GEMS SESSIONS ACTIVE PRIMARY

SQL> select dest_id,dest_name,status, error from v$archive_dest;

    DEST_ID DEST_NAME                                          
---------- ----------------------------------------------------
          1 LOG_ARCHIVE_DEST_1                                  
          2 LOG_ARCHIVE_DEST_2                                  
          3 LOG_ARCHIVE_DEST_3                                  
          4 LOG_ARCHIVE_DEST_4                                  
          5 LOG_ARCHIVE_DEST_5                                  
          6 LOG_ARCHIVE_DEST_6                                  
          7 LOG_ARCHIVE_DEST_7                                  
          8 LOG_ARCHIVE_DEST_8                                  
          9 LOG_ARCHIVE_DEST_9                                  
        10 LOG_ARCHIVE_DEST_10                                

select sequence#,applied from v$archived_log order by 1;
SEQUENCE# APPLIED
--------- -----------
161512 NO
161512 YES
161512 YES
161513 NO
161513 YES
161513 YES
161514 NO
161514 YES
161514 YES

2. At Primary 172.31.1.7

           SQL> alter database backup controlfile to trace;(rename as bkp_ctl_280307.ctl in udump)

           SQL>  alter database create standby controlfile as '/global/export/std_280307.ctl';

           SQL> alter system switch logfile;

   After the archive is applied on both local and remote standby we can proceed  further.                  

         
          SQL> alter database commit to switchover to physical standby with session shutdown;

       


   These will change the database role from primary to physical standby hence   now
                         
                        Primary (172.31.1.7) will be in Standby mode


      3. At Local Standby 172.31.1.3 (NEW PRIMARY DATABASE)

SQL> alter database recover managed standby database cancel;

                                  These will cancel the Managed Recovery Mode (MRM)

              SQL> recover standby database;

                                   These is for making assurance for no archive left for recovery

SQL> alter database commit to switchover to primary;

        These will change the database role from PHYSICAL STANDBY to PRIMARY

      4. SHUTDOWN BOTH THE INSTANCES AT 172.31.1.7 AND 172.31.1.3

172.31.1.7 172.31.1.3
        SQL> shutdown immediate         SQL> shutdown immediate
        Lsnrctl stop GEMS
(will stop the listener for application)
        lsnrctl stop LISTENER
(will stop the default listener )


5. START BOTH THE INSTANCES AT 172.31.1.7 AND 172.31.1.3 (follow steps properly)

172.31.1.3 172.31.1.7
       SQL> startup     SQL> startup nomount
       SQL>select name,switchover_status,
               database_role from v$database;     SQL> alter database mount standby database;
    SQL> alter database recover managed standby
              database disconnect from session;
          These will keep the database in MRM
      SQL>select name, switchover_status,
               database_role from v$database

6. SOME ACTIVITY HAS TO BE DONE ON 172.31.1.3

SQL> create tablespace templ tempfile  '/g09/app/oracle/oradata/GEMS/templ_01.dbf' size 2048m extent management local;
         
             SQL> alter database default temporary tablespace templ;

                 If you want to run application the

                 $ Lsnrctl start GEMS
                 $ Lsnrctl start LISTENER

7. Check the remote standby database status if not restart the instance

SQL> select name, switchover_status, database_role from v$database;

SQL> alter database recover managed standby database cancel;

SQL> recover managed standby database;

               SQL>shutdown immediate

              lsnrctl stop lsnrgemsr

               SQL> startup nomount

SQL> alter database mount standby database;

               SQL> alter database recover managed standby database disconnect from session;

SQL> select name, switchover_status, database_role from v$database;

NAME SWITCHOVER_STATUS DATABASE_ROLE
--------- ------------------ ----------------
GEMS SESSIONS ACTIVE PHYSICAL STANDBY

            $  lsnrctl start lsnrgemsr




In-order to do activity at 172.31.1.7 being standby

 SQL> q

NAME SWITCHOVER_STATUS DATABASE_ROLE
--------- ------------------ ----------------
GEMS SESSIONS ACTIVE PHYSICAL STANDBY

 SQL> alter database recover managed standby database cancel;

 SQL> recover managed standby database;

               SQL>shutdown immediate

             $  lsnrctl stop lsnrgemsr

Take the backup according to the policy


After activity at 172.31.1.7 in standby mode

               SQL> startup nomount


SQL> alter database mount standby database;


               SQL> alter database recover managed standby database disconnect from session;






          SQL> select name, switchover_status, database_role from v$database;


NAME SWITCHOVER_STATUS DATABASE_ROLE
--------- ------------------ ----------------
GEMS SESSIONS ACTIVE PHYSICAL STANDBY

              lsnrctl start lsnrgemsr







SWITCH BACK PROCESS


Note: In order to switch back 172.31.1.7 AS PRIMARY Database, it should be in standby mode, up and running

NOTE: - 172.31.1.3 (PRIMARY DATABASE)

1.Check List Activity (Primary (3), Local (7) and Remote (12))

SQL> select name, swithover_status, database_role from v$database;

SQL> select dest_id, dest_name, status, error from v$archive_dest;

SQL> select sequence#,applied from v$archived_log order by 1;

2. At Primary 172.31.1.3

    SQL> alter database backup controlfile to trace;

SQL> alter system switch logfile;

                      After the archive is applied on both local and remote standby we can proceed further
         

           SQL> alter database commit to switchover to physical standby with session shutdown;

                           These will change the database role from primary to physical standby hence now
                            Primary (172.31.1.3) will be in Standby mode

  3. At Local Standby 172.31.1.7

SQL> alter database recover managed standby database cancel;

                                  These will cancel the Managed Recovery Mode (MRM)

              SQL> recover standby database;

                                   These is for making assurance for no archive left for recovery

SQL> alter database commit to switchover to primary;

     These will change the database role from PHYSICAL STANDBY to PRIMARY




4. SHUTDOWN BOTH THE INSTANCES  AT 172.31.1.7 AND 172.31.1.3

172.31.1.7 172.31.1.3
        SQL> shutdown immediate         SQL> shutdown immediate
        Lsnrctl stop GEMS
(will stop the listener for application)
        lsnrctl stop LISTENER
(will stop the default listener )

5. START BOTH THE INSTANCES AT 172.31.1.7 AND 172.31.1.3 (follow steps properly)

172.31.1.7 172.31.1.3
       SQL> startup     SQL> startup nomount
       SQL>select name,switchover_status,
               database_role from v$database     SQL> alter database mount standby database;
      Lsnrctl start GEMS
      Lsnrctl start LISTENER     SQL> alter database recover managed standby
              database disconnect from session;
          These will keep the database in MRM
ALTER SYSTEM SET log_archive_dest_state_2=enable scope=both       SQL>select name,switchover_status,
               database_role from v$database

6. Check the remote standby database status if not restart the instance

SQL> select  name,swithover_status,database_role from v$database;

SQL> alter database recover managed standby database cancel;

SQL> recover managed standby database;

               SQL>shutdown immediate

              lsnrctl stop lsnrgemsr

               SQL> startup nomount

SQL> alter database mount standby database;

               SQL> alter database recover managed standby database disconnect from session;
SQL> select name, swithover_status,database_role from v$database;

              lsnrctl start lsnrgemsr



Posted by at No comments:

Monday, May 21, 2012

Is it Recommended to End Date SYSADMIN Application User?



Is it Recommended to End Date SYSADMIN Application User? 

Goal

Is it recommended to end-date the SYSADMIN Application User?

Solution

No, it is strongly recommended not to end date the SYSADMIN application user.

Known effects :
  • The SYSADMIN account has several seeded jobs which you need to run under a different account.
  • The script adcmctl.sh uses SYSADMIN for CONCSUB calls.
  • Many scripts in patches uses SYSADMIN for loader permissions, so you should reactivate the account before patching.
  • If you have workflow setup with sysadmin as administrator, you need to reset the administrator to other application user.

Posted by at No comments:

How to Stop the Force Password Reset on Creation of User Account


How to Stop the Force Password Reset on Creation of User Account

After the creation of an e-business suite user, how to stop the force password reset on the user's first log in to the application?


Solution

After the creation of  the user from the Define Users forms, the following SQL statement can be used to disable the force password reset on the user's first log in:
set serveroutput on
declare
l_user_name varchar2(2000);
begin
l_user_name := 'PDUVAL';
fnd_user_pkg.updateuser(x_user_name => l_user_name, X_OWNER => 'SEED', x_password_date =>sysdate);
end;
/

On the above SQL statement, replace 'PDUVAL' by the username created on the Define Users forms.
Posted by at No comments:

Unable To Pass NULL Values Parameters To The Package API FND_USER_PKG



Unable To Pass NULL Values Parameters To The Package API FND_USER_PKG 

Symptoms

You want to run the API Fnd_User_Pkg.UpdateUser in order to update the two fields x_password_accesses_left  and x_password_lifespan_accesses with the value NULL like :
fnd_user_pkg.UpdateUser (
          x_user_name             => l_user_name,
          x_owner                 => null,
          x_password_accesses_left     => null,
          x_password_lifespan_accesses => null,
          x_password_date         => sysdate);
    end;
    /

After running fnd_user_pkg.UpdateUser, the two columns password_accesses_left  and password_lifespan_accesses of the table FND_USER are not updated to null and stay at their original values .
Cause

To set the null value, you must set fnd_user_pkg.null_number to password_accesses_left and password_lifespan_accesses.
Solution

Please use the function fnd_user_pkg.null_number to set parameters to null :
set serveroutput on
    declare
    l_user_name varchar2(2000);
    begin
    l_user_name := 'PDUVAL';
    fnd_user_pkg.UpdateUser (
          x_user_name             => l_user_name,
          x_owner                 => null,
          x_password_accesses_left     => fnd_user_pkg.null_number,
          x_password_lifespan_accesses => fnd_user_pkg.null_number,
          x_password_date         => sysdate);
    end;
    /
Posted by at No comments:

How to End-Date/Delete an Applications User



How to End-Date/Delete an Applications User 

Goal

How to end-date an applications user.

Solution
- There is no API or scripts to delete user accounts in FND_USER.

- Delete an e-business suite user account is not possible and not supported.

- The only way  is to disable the user accounts by end-dated the user accounts from the Define Users forms or using the following API :

  • FND_USER_PKG.UPDATEUSER you may pass an end date to the parameter X_END_DATE of the procedure FND_USER_PKG.UPDATEUSER.
    This will disable the user account.
The example below shows how to end-date custom user JANE:
fnd_user_pkg.updateuser(x_user_name=>'JANE',x_owner=>'CUST',x_end_date=>SYSDATE);

x_owner can be either SEED or CUST:
  • To end date seeded users (i.e. sysadmin) x_owner= SEED
  • To end date custom users x_owner = CUST
or use the API :
  • FND_USER_PKG.DISABLEUSER and pass the username as parameter .
    This will disable the user too.

Note : After disabling a user, you can enable it by using the package FND_USER_PKG.EnableUser
Posted by at No comments:

Friday, May 18, 2012

Set E-Business Suite Timeout Parameters and Profiles




An unattended PC without the screen locked poses a security risk.  Likewise, an unattended or long running E-Business Suite user session can also pose a risk.  The E-Business Suite provides many configuration parameters and profile settings to control user sessions.  I recommend reviewing these against your existing corporate policies and setting them according to our recommendations after testing their impact.  The following sections describe those items that I recommend setting.

  • ICX Timeout Profile Values
The following E-Business Suite profile options control screen timeouts for Forms, as well as Self Service sessions.  Again, please note, some of the ICX profiles also control Forms Session timeouts!  This can be confusing since Inter-Cartridge Exchange (ICX) is often associated with Self Service applications. This is no longer the case since the release of Framework for the ICX Profiles control the timeout functionality.

Parameter
Default
Recommendation
ICX:Session Timeout
None
30 (minutes)
ICX: Limit Time
4 (hours)
4 (hours)
ICX: Limit Connect
1000
2000
·         ICX:Session Timeout - This profile option determines the length of time (in minutes) of inactivity in a user's form session before the session is disabled.  Note that disabled does not mean terminated or killed.  The user is provided the opportunity to re-authenticate and re-enable their timed-out session. If the re-authentication is successful, the disabled session is re-enabled and no work is lost. Otherwise, the session is terminated without saving pending work.  This functionality is available via Patch 2012308 (included in 11.5.7, FND.E).  Note: Setting the profile value to greater than 30 minutes can drain the JVM resources and cause ‘out of memory’ errors.
·         ICX: Limit time - This profile option defines the maximum connection time for a connection – regardless of user activity.  If 'ICX:Session Timeout' is set to NULL, then the session will last only as long as 'ICX: Limit Time', regardless of user activity. 
·         ICX: Limit connect - This profile option defines the maximum number of connection requests a user can make in a single session. Note that other EBS internal checks will generate connection requests during a user session, so it is not just user activity that can increment the count. 
§         CRM Application Timeout Profile Values
CRM applications use the afore-mentioned ICX timeout profiles (ICX:Session Timeout, ICX: Limit Time, and ICX: Limit Connect), but additionally, CRM also utilizes the  JTF_INACTIVE_SESSION_TIMEOUT profile option.

Parameter
Default
Recommendation
JTF_INACTIVE_SESSION_TIMEOUT
None
30 (minutes)
JTF_INACTIVE_SESSION_TIMEOUT - This profile option affects CRM-based products only, and serves the same purpose as the ICX:Session Timeout profile. This profile option exists for legacy reasons, and its value should be set the same as ICX:Session Timeout.
  • Jserv (Java) Timeout Settings
     
Parameter
Recommendation
disco4iviewer.properties:session.timeout
5400000 (milliseconds)
formservlet.ini:FORMS60_TIMEOUT
55 (minutes)
formservlet.properties:session.timeout
5400000 (milliseconds)
jserv.conf:ApJServVMTimeout
360  (seconds)
mobile.properties:session.timeout
5400000 (milliseconds)
zone.properties:session.timeout
5400000 (milliseconds)
zone.properties:servlet.framework.initArgs
5400000 (milliseconds)
These settings are located at: ../*ora/iAS/Apache/Jserv/etc
JServ Timeout is specified by the value of the property session.timeout in the JServ configuration file zone.properties, and represents the number of milliseconds to wait before ending an idle JServ session (the default is 30 minutes).  This timeout is used by products based on Oracle Applications Framework (OAF).   
  • Apache HTTP Timeout Settings
The following parameter settings control timeout behavior within Apache.
Parameter
Recommendation
httpd.conf:Timeout
300 (seconds)
httpd.conf:KeepAliveTimeout
15 (seconds)
httpd.conf:SSLSessionCacheTimeout
300 (seconds)
These settings are located: ../*ora/iAS/Apache/Apache/conf
  • Forms 60 Environment Timeout Variables
The following parameter settings control timeout behavior within Oracle Forms.
Parameter
Recommendation
FORMS60_TIMEOUT
55 (minutes)
FORMS60_CATCHTERM
0
You should modify the APPL_TOP/.env setting to include the following settings:
FORMS60_CATCHTERM=0
FORMS60_TIMEOUT=55 (minutes) 
I recommend using a timeout value of 55 because it is less than the 60 minute value recommended for the web apache timeout values.  Note that these values may vary depending on security policies.
  • Oracle Single Sign-On Server Timeouts
The following parameter setting controls timeout behavior within Oracle Single Sign-On. 
‘Single Sign-On Session Duration’ represents the number of hours a user can be logged in to the server without being timed out and having to log in again. This timeout value can be specified from the "Edit SSO Server Configuration" link on the SSO Server Administration page.  When a user logs in to Release 11i via the Single Sign-On Server, an SSO login session is created and remains valid for the duration specified by this setting. 

Posted by at 1 comment:

Tuesday, May 15, 2012

RC-00110 Error While Running adlnkoh.sh



RC-00110 Error While Running adlnkoh.sh [ID 330469.1]
  Modified 19-JAN-2011     Type PROBLEM     Status PUBLISHED
In this Document
  Symptoms
  Cause
  Solution

Symptoms

When running adcfgclone on DBTier,
the following errors occur :

ERROR
RC-00110: Fatal: Error occurred while relinking of ApplyDBTechStack
- 50% completed
ERROR while running Apply...
ERROR: Failed to execute adclone.pl

StackTrace:
java.lang.Exception: java.lang.NullPointerException
        at oracle.apps.ad.clone.ApplyDBTechStack.runRelinkOH(ApplyDBTechStack.java:779)
        at oracle.apps.ad.clone.ApplyDBTechStack.(ApplyDBTechStack.java:361)
        at oracle.apps.ad.clone.ApplyDBTier.(ApplyDBTier.java:126)
        at java.lang.reflect.Constructor.newInstance(Native Method)
        at oracle.apps.ad.clone.util.CloneProcessor.run(CloneProcessor.java:68)
        at java.lang.Thread.run(Unknown Source)

A close examination of the Rapidclone log file, ApplyDBTechStack

Cause

In this case the problem is a missing file from "$ORACLE_HOME/rdbms/admin/shrept.lst", this file is used by the "genclntsh", a shell script that builds the shared libraries. The "genclntsh" requires "shrept.lst" so when it is missing that will cause adlnkoh.sh to fail, which in turn causes the clone to fail.


Solution

To implement the solution, please execute the following steps:

1.Copy this file ORACLE_HOME/rdbms/admin/shrept.lst from other $ORACLE_HOME/rdbms/admin/ (at same server if available).
2.  Rerun the adcfgclone on DBTier which will now complete successfully.
Posted by at No comments:

Rc-50004: Fatal: Error Occurred In Stagedbtier



Rc-50004: Fatal: Error Occurred In Stagedbtier [ID 1269163.1]
  Modified 24-NOV-2010     Type PROBLEM     Status MODERATED
In this Document
  Symptoms
  Cause
  Solution

This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
Applies to:

Oracle Applications Manager - Version: 11.5.10.2 and later   [Release: 11.5.10 and later ]
Information in this document applies to any platform.
Symptoms


=== ODM Issue Clarification ===
when running adpreclone.pl dbTier
the following error occurs
-----------------------------------------------------------
Checking if oui22 is already registered in the local inventory
Checking for oracle.swd.oui 2.2 in ORACLE_HOME /dasevi/oracle/agrodesdb/10.2.0


StackTrace:
oracle.sysman.oii.oiit.OiitTargetLockNotAvailableException: OUI-10022:The target area /etc/oraInventory cannot be used because it is in an invalid state.
at oracle.sysman.oii.oiit.OiitTargetLocker.getWriterLock(OiitTargetLocker.java:310)
at oracle.sysman.oii.oiit.OiitTargetLocker.getWriterLock(OiitTargetLocker.java:183)
at oracle.sysman.oii.oiit.OiitTargetLocker.getWriterLock(OiitTargetLocker.java:170)
at oracle.sysman.oii.oiic.OiicStandardInventorySession.acquireLocks(OiicStandardInventorySession.java:403)
at oracle.sysman.oii.oiic.OiicStandardInventorySession.initSession(OiicStandardInventorySession.java:301)
at oracle.sysman.oii.oiic.OiicStandardInventorySession.initSession(OiicStandardInventorySession.java:231)
at oracle.sysman.oii.oiic.OiicStandardInventorySession.initSession(OiicStandardInventorySession.java:180)
at oracle.apps.ad.clone.util.OracleHomeCloner.isOUI22Registered(OracleHomeCloner.java:674)
at oracle.apps.ad.clone.StageDBTechStack.do10gSpecifics(StageDBTechStack.java:866)
at oracle.apps.ad.clone.StageDBTechStack.doStage(StageDBTechStack.java:305)
at oracle.apps.ad.clone.StageDBTechStack.(StageDBTechStack.java:289)
at oracle.apps.ad.clone.StageDBTier.(StageDBTier.java:211)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at oracle.apps.ad.clone.util.CloneProcessor.run(CloneProcessor.java:68)
at java.lang.Thread.run(Thread.java:534)
Cause


missing write permissions in etc/oraInventory/locks the user who is running adpreclone.pl


Solution


1/ Give write permissions to the user running adpreclone.pl to /etc/oraInventory/locks directory
2/ Ensure you are able to "touch" a file in this location before retrying adpreclone.pl
3/ Then re-run adpreclone.pl
Posted by at No comments:

Listener_es Fails to Start with a Linux Error 1: Operation Not Permitted



Listener_es Fails to Start with a Linux Error 1: Operation Not Permitted [ID 472386.1]
  Modified 05-MAY-2011     Type PROBLEM     Status ARCHIVED
In this Document
  Symptoms
  Changes
  Cause
  Solution

Applies to:

Email Server - Version: 10.1.2 to 10.1.2 - Release: 10.1.2 to 10.1.2
Information in this document applies to any platform.
Checked for relevance on 04-DEC-2009
Symptoms

Listener_es is not starting. It fails with the following errors:
TNSLSNR for Linux: Version 10.1.0.4.2 - Production
System parameter file is /u01/oracle/product/1012/ocsapps/network/admin/listener.ora
Log messages written to /u01/oracle/product/1012/ocsapps/network/log/listener_es.log
Error listening on: (DESCRIPTION=(ADDRESS=(PROTO =IPC)(KEY=..........)))
TNS-12555: TNS:permission denied
TNS-12560: TNS:protocol adapter error
TNS-00525: Insufficient privilege for operation
Linux Error: 1: Operation not permitted
Changes

Installation was copied to another server.
Cause

Owner and group of the contents of directory /var/tmp/.oracle belong to root

Solution

1. Change the owner and the group of the content of the directory /var/tmp/.oracle, including the directory
su -
cd /var/tmp/.oracle
chown oracle:ogroup *

2. Start the listener as root

cd $ORACLE_HOME/bin
./tnslnsr LISTENER_ES -u -g

Posted by at No comments:

Rc-50004: Fatal: Error Occurred In Applydatabase:Control File Creation Failed



Rc-50004: Fatal: Error Occurred In Applydatabase:Control File Creation Failed [ID 1350709.1]
  Modified 06-OCT-2011     Type PROBLEM     Status PUBLISHED
In this Document
  Symptoms
  Cause
  Solution
  References

Applies to:

Oracle Applications Manager - Version: 11.5.10.2 to 12.1.3 - Release: 11.5.10 to 12.1
Information in this document applies to any platform.
Symptoms

When attempting to clone the DB Tier , the following error occurs.

ERROR
-----------------------
Logfile Name : ApplyDBTier_08211054.log

RC-00118: Error occurred during creation of database
Raised by oracle.apps.ad.clone.ApplyDatabase


StackTrace:
java.lang.Exception: Control file creation failed
at oracle.apps.ad.clone.ApplyDatabase.(ApplyDatabase.java:661)
at oracle.apps.ad.clone.ApplyDatabase.(ApplyDatabase.java:328)
at oracle.apps.ad.clone.ApplyDatabase.(ApplyDatabase.java:304)
at oracle.apps.ad.clone.ApplyDBTier.(ApplyDBTier.java:154)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at oracle.apps.ad.clone.util.CloneProcessor.run(CloneProcessor.java:68)
at java.lang.Thread.run(Thread.java:534)


Also Log file addlnctl.txt showing the following error :

ERROR:
--------------


TNSLSNR for Linux IA64: Version 10.2.0.3.0 - Production
System parameter file is $RDBMS_ORACLE_HOME/network/admin/clone_dbclone/listener.ora
Log messages written to $RDBMS_ORACLE_HOME/network/admin/clone.log
Error listening on: (ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROCclone))
TNS-12555: TNS:permission denied
TNS-12560: TNS:protocol adapter error
TNS-00525: Insufficient privilege for operation
Linux IA64 Error: 1: Operation not permitted




Cause

The contents of directory /var/tmp/.oracle have wrong permission
Solution

Please apply the following solution:

1- change permission /var/tmp/ . oracle

[root@dbclone tmp]# chmod -R 777 .oracle/
Posted by at No comments:

Oracle Password Management Policy



Oracle Password Management Policy [ID 114930.1]
 Modified 05-APR-2012     Type BULLETIN     Status PUBLISHED 

Applies to:

Oracle Server - Enterprise Edition - Version: 9.2.0.1 to 11.1.0.6 - Release: 9.2 to 11.1
Information in this document applies to any platform.

Purpose

This bulletin is intended to provide a brief description of Oracle's Password Management Policy features.

Scope and Application

This document is meant for use as a reference by the Oracle DBAs.

Oracle Password Management Policy

Overview


Password Management is setup by DBAs using Oracle Profiles. A general recommendation is to assign only those schemas a profile with password aging an expiration features if the users have the ability to independently change their password from their end-user application when the password expires, usually this means the application they use must have correctly implemented the OCIPasswordChange() OCI call such as sqlplus.

A Profile is setup with the required password parameters and then assigned to a user: 


SQL> create profile custom limit failed_login_attempts 20;

Profile created.

SQL> alter user scott profile custom;

User altered.



Oracle provides the script $ORACLE_HOME/rdbms/admin/utlpwdmg.sql to setup password 
management features on the DEFAULT profile. DBAs can use it as a sample to see how the password management features are enabled. Copy the utlpwdmg.sql script and customize it to your own needs and then test it before implementing in production.


Currently there are  7 password management parameters that can be specified in a database profile. Each password management feature discussed below includes a reference to the relevant profile parameters.


1. Account Locking


When a user exceeds a designated number of failed login attempts (FAILED_LOGIN_ATTEMPTS), the server automatically locks that user's account for a specified time period (PASSWORD_LOCK_TIME).

Profile parameters: 

FAILED_LOGIN_ATTEMPTS
PASSWORD_LOCK_TIME


2. Password Aging and Expiration


When the specified amount of time passes (PASSWORD_LIFE_TIME) the password expires, and the user or DBA must change the password. A grace period in days (PASSWORD_GRACE_TIME) can be set allowing the user time to change their password after it has expired. Users enter the grace period upon the first attempt to login to a database account after their password has expired. During the grace period, a warning message appears each time users try to log in to their accounts, and continues to appear until the grace period expires. Users must change the password within the grace period. If the password is not changed within the grace period, the account expires and no further logins to that account are allowed until the password is changed.

Note that a password cannot and will not be locked as a result of exceeding the life time and subsequent grace time, however the user will not be able to login until the password is changed.

Profile parameters: 

PASSWORD_LIFE_TIME
PASSWORD_GRACE_TIME


3. Password History


 A time interval during which users cannot reuse a password (PASSWORD_REUSE_TIME). This can be specified as either a time interval in days, or a number of password changes the user must make before the current password can be reused (PASSWORD_REUSE_MAX).

Profile parameters: 

PASSWORD_REUSE_TIME
PASSWORD_REUSE_MAX



4. Password Complexity Verification


 DBAs can create their own password verification routines using PL/SQL and then instruct the server to use this routine to check the complexity of the passwords while they are set. 


Profile parameter:

PASSWORD_VERIFY_FUNCTION


The SYS owned PL/SQL function must adhere to the following format: 


routine_name( userid_parameter IN VARCHAR2, password_parameter IN VARCHAR2,
old_password_parameter IN VARCHAR2) RETURN BOOLEAN



The default password verification function is present in $ORACLE_HOME/rdbms/admin/utlpwdmg.sql. This can be used as an example and modified according to your needs.   

This function can be associated with a profile this way: 


alter profile default limit password_verify_function ;


To disable the verify function of a given profile, set it to NULL:



SQL> alter profile default limit password_verify_function null;



Once complexity checking is enabled, a user can change his/her password in a number of different ways:

  • Using the sqlplus 'password' command:

SQL> connect scott/tiger
Connected.
SQL> password
Changing password for SCOTT
Old password:
New password:
Retype new password:
Password changed
SQL>


  • Using the ALTER USER statement:

SQL> ALTER USER &MYUSERNAME IDENTIFIED BY &NEWPASSWORD REPLACE &OLDPASSWORD;


The ALTER USER syntax using the REPLACE keyword was added as part of the fix to Bug 1231172 so this syntax will work in all currently supported releases.

  • Any custom application using the OCIPasswordChange() call. This can be used by application developers to develop customer friendly screens, when developing such an application it is important to generate the proper responses to the following exceptions associated with password management feature.




Example using all Password Management features previously discussed:


-- A default password complexity function is provided.
-- This sample function makes no checks and always returns true.
-- The logic in the function should be modified as required.
-- See $ORACLE_HOME/rdbms/admin/utlpwdmg.sql for an idea of kind
-- of logic that can be used.
-- This function must be created in SYS schema.
-- connect sys/ as sysdba before running this.



-- This function will not check the provided password. It is just an example and
-- will return true for any password. For a real password verification routine see
-- script $ORACLE_HOME/rdbms/admin/utlpwdmg.sql.


CREATE OR REPLACE FUNCTION always_true (username varchar2,
password varchar2, old_password varchar2) RETURN boolean IS
BEGIN
RETURN(TRUE);
END;
/

-- This script alters the default parameters for Password Management.
-- This means that all the users on the system have Password Management
-- enabled and set to the following values unless another profile is
-- created with parameter values set to different value or UNLIMITED
-- is created and assigned to the user.

ALTER PROFILE DEFAULT LIMIT
PASSWORD_LIFE_TIME 60 -- (days)
PASSWORD_GRACE_TIME 10 --(days)
PASSWORD_REUSE_TIME 1800
PASSWORD_REUSE_MAX UNLIMITED
FAILED_LOGIN_ATTEMPTS 3 --(times)
PASSWORD_LOCK_TIME 1/1440 --(days)
PASSWORD_VERIFY_FUNCTION always_true;


Posted by at No comments:
Subscribe to: Posts (Atom)