Monday, December 08, 2014

Extract priv.key from Oracle Wallet and convert to Java keystore

Brief extract from an issue encountered recently when we renewed SSL Certificates.

Normal process we follow is use openssl -> Create CSR -> Get verisign cert -> Convert to Oracle Wallet -> Convert to keystore.

In Fusion Middleware 11g for creating Oracle Wallet from openssl we need to follow Oracle Note 184701.1. Because of a bug I was not able to see the wallet in OWM.  So the below new process is used 
create OWM Cert -> Get Verisign Cert -> Import into OWM -> Extract priv.key -> Convert to java keystore

Following are the brief steps
1) Generate CSR using OWM executable using "owm" binary from Fusion Middleware Home
2) Submit the CSR to Verisign and after you get the user certificate, import into OWM and select Auto Login and save
3) Use the ewallet.p12 cwallet.sso (From Step 2) in Fusion Middleware OHS,
4) From ewallet.p12 extract the priv.key
openssl pkcs12 -in /tmp/SSL_2014/oraclewallet_dir/ewallet.p12 -nocerts -out private_key.pem
The first password that openssl asks (Enter Import Password) is the wallet password, the other password (Enter PEM pass phrase) is used to protect the exported key.
openssl rsa -in private_key.pem -out priv.key
5) Use the SSL Cert and priv.key in Apache
6) Create Java Keystore from Oracle Wallet
export PATH=$PATH:$MW_HOME/oracle_common/bin/
orapki wallet pkcs12_to_jks -wallet ewallet.p12 -jksKeyStoreLoc ewallet.jks -jksKeyStorepwd -pwd
7) Use the JKS in Oracle Weblogic Server.

8) Which File and where it is used
ewallet.jks -- is Used in Oracle Weblogic Server.
ewallet.p12 and cwallet.sso    -- is used in Fusion Middleware OHS
server.crt and priv.key -- is used in Apache

9) Useful verification commands

Verify CSR
openssl req -in fsplifm1.csr -noout -text

Verify private.key
openssl rsa -in private.key -check

Verify Oracle Wallet
orapki wallet display -wallet oraclewallet_dir -pwd

Verify Java Keystore
keytool -list -keystore ewallet.jks -storepass

 Good Luck!

Thursday, December 19, 2013

Use Java Code Signing Certificate in Oracle E-Business Suite

Create and Import Java Code Signing Certificate to use in Oracle E-Business Suite

Ref: Oracle Note
Enhanced Jar Signing for Oracle E-Business Suite (Doc ID 1591073.1)

Oracle note is important document and covered most of the errors/resolutions. But there are short comings in the document .I did not use ADJAVA command and substituted with KEYTOOL command.

1)     Generate KeyPair

keytool -genkey -keyalg RSA -keysize 4096 -alias EbsJarCert -keypass EbsJarkp1 -storepass EbsJarsp1 -keystore /ebs/home/test/keystore.dat –v

What is your first and last name?
What is the name of your organizational unit?
  [Unknown]:  Ebs
What is the name of your organization?
  [Unknown]:  Ebs Company
What is the name of your City or Locality?
  [Unknown]:  Washington
What is the name of your State or Province?
  [Unknown]:  District of Columbia
What is the two-letter country code for this unit?
  [Unknown]:  US
Is, OU=Ebs, O=Ebs Company, L=Washington, ST=District of Columbia, C=US correct?
  [no]:  yes

Generating 4,096 bit RSA key pair and self-signed certificate (SHA1withRSA) with a validity of 90 days
        for:, OU=Ebs, O=Ebs Company, L=Washington, ST=District of Columbia, C=US
[Storing /ebs/app/keystore.dat]

2)      Verify KeyPair

$ keytool -list –v -storepass EbsJarsp1 -keystore /ebs/home/test/keystore.dat -alias EbsJarCert
 ( You can also execute the same command with adjkey
adjkey -list -v -storepass EbsJarsp1 -keystore /ebs/home/test/keystore.dat -alias EbsJarCert)

Alias name: EbsJarCert
Creation date: Dec 17, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner:, OU=Ebs, O=Ebs Company, L=Washington, ST=District of Columbia, C=US
Issuer:, OU=Ebs, O=Ebs Company, L=Washington, ST=District of Columbia, C=US
Serial number: 52b06a4a
Valid from: Tue Dec 17 09:05:46 EST 2013 until: Mon Mar 17 10:05:46 EDT 2014
Certificate fingerprints:
         MD5:  10:37:62:7D:60:EA:89:AF:15:77:19:62:59:49:28:DD
         SHA1: 02:93:CC:96:BD:EF:CE:28:B9:38:51:8E:4B:F8:94:05:ED:C8:68:0A
         Signature algorithm name: SHA1withRSA
         Version: 3

3)      Request Certificate (CSR)

keytool -certreq -alias EbsJarCert \
                -storepass EbsJarsp1 -keypass EbsJarkp1 \
                -file /ebs/home/test/EbsJarCert.csr \
                -keystore /ebs/home/test/keystore.dat

4)      Submit your CSR to Signing  Authority for certificate (Verisign)

Note: Be sure to request a Java Code Signing Certificate. This certificate can be used to sign your jar content across one or mutliple Oracle E-Business Suite environmments. After you get the certificate, export in X509 format and ftp in ascii to web server.

5)      Verify the Certificate (CRT) after you receive from Verisign

keytool -printcert -v -file /ebs/home/test/EbsJarCert.crt

6)      Import Intermediate and Root Certificate to the cacerts Keystore File

Create myca.crt ( by exporting Intermediate and Root Certificate in X509 format)
Go to = $OA_JRE_TOP/jre/lib/security/
chmod +w cacerts
cat inter.crt root.crt >myca.crt
keytool -import -alias myca -file myca.crt -trustcacerts -v -keystore cacerts
chmod a-w cacerts
Note: The default Java for the cacerts keystore certificates file is usually changeit.

7)      Import the Java Code Signing Certificate into the Keystore

= $APPL_TOP/admin
Create EbsJarCert.crt ( by exporting .crt in X509 format)
cp EbsJarCert.crt $APPL_TOP/admin/adkeystore.crt 
cp /ebs/home/test/keystore.dat $APPL_TOP/admin/adkeystore.dat

Import the certificate
keytool -import \
                -file /ebs/app/test/ appl/admin/adkeystore.crt \
                -trustcacerts -storepass EbsJarsp1
                -alias EbsJarCert \
                -keystore /ebs/app/test / appl/admin/adkeystore.dat
8)      Verify and Update jripasswords in the database

Login as APPS
set serveroutput on
spass varchar2(30);
kpass varchar2(30);
ad_jar.get_jripasswords(spass, kpass);
dbms_output.put_line('STOREPASS = '||spass);
dbms_output.put_line('KEYPASS = '||kpass);

If STOREPASS and KEYPASS does not match to adkeystore.dat then update with correct passwords
SQL> exec ad_jar.PUT_JRIPASSWORDS('EbsJarsp1',' EbsJarkp1');

9)      Generate JAR files with ADADMIN

vi $APPL_TOP/admin/adsign.txt
EbsJarCert 1 CUST

Choose Generate Applications Files menu
From this menu choose Generate product JAR files

Enter yes when prompted with: Do you wish to force regeneration of all jar files? [No] ? yes

10)   Verify the Digital Signature of a Signed Jar File
jarsigner -verify -verbose -certs /ebs/app/test /comn/java/oracle/apps/fnd/jar/fndlist.jar

X.509,, OU=Digital ID Class 3 - Java Object Signing, OU=Ebs, O=Ebs Company, L=Washington, ST=District of Columbia, C=US
      [certificate is valid from 12/17/13 7:00 PM to 12/16/15 6:59 PM]
jar verified.

11)   Test the Applications

Java Control Panel -> Security -> Security Level: Very High
Java Control Panel -> Advanced  -> Show Console (Check)
Java Control Panel -> Advanced  -> Enable logging (Check)
Java Control Panel -> Advanced  -> Enable Trace (Check)

Login to Applications and test

Verify output In Java Console for any issues/errors/warning.

Some of them are
Missing Permissions manifest attribute for:
Missing Codebase manifest attribute for:
https:// https://11iurl /OA_JAVA/oracle/apps/fnd/jar/fndutil.jar

All the JAR files are not signed properly , run the following commands
adjava -mx512m -nojit -masterArchive $JAVA_TOP -sync -reportfile javatopfiles.lst
adjava -mx512m -nojit -masterArchive $JAVA_TOP -sync -mode APPLY
Run ADADMIN again and force generate JAR files

For error in java console
network: Connecting with proxy=DIRECT
network: Connecting with proxy=DIRECT
security: Failing over to CRLs: connect timed out
network: Cache entry not found [url:, version: null]
network: Connecting with proxy=DIRECT
network: Connecting with proxy=DIRECT

Control Panel->Java->Advanced' Tab->'Perform certificate revocation checks on' section - Select “DO NOT CHECK”

Wednesday, December 05, 2012

Cisco VPN on Windows 8

Got new personal Windows 8 laptop. Looks like we need to learn a lot to get familiar using Windows o/s.  

Googling helped a lot - Credit goes to the following link

I have Cisco VPN for x64 running without any issues on Windows 7 

I used the Followed steps to install and use it on Windows 8.

1) During Installation -> Right Click and check Compatibility to Windows 7
2) After installation imported the PCF file
3) Backup registry
4) Browse to the Registry Key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CVirtA
     Select the DisplayName to modify, and remove the leading characters from the value data upto "%;" i.e.
     "@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows” to "Cisco Systems VPN Adapter for 64-bit Windows
5) Test Connectivity

If you have 32 bit use the following
o    For x86, change the value data from something like "@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter” to "Cisco Systems VPN Adapter

One more Note - to get start menu on Windows 8  then use Power 8  

Wednesday, February 03, 2010

Apps Patching error; FGA enabled ORA-28110

In this post I am not specifying any details about FGA (Fine Grained Auditing) - but some quick steps to resolve the issue

During one of my recent apps patching I ran into the following issue.

Due to error:
ORA-28110: policy function or package APPS.CST_POLICY_SECURITY has error

As usual searched metalink and googled - except saying that disable FGA and continue patching but no detailed steps.

Detailed Steps

1) SQL to find details
from dba_policies where object_name='PO_ACCRUAL_

2) Disable FGA for that object
SQL> exec dbms_rls.disable_grouped_policy('OBJECT_OWNER', 'OBJECT_NAME', 'POLICY_GROUP', 'POLICY_NAME');

SQL> exec dbms_rls.disable_grouped_policy('PO', 'PO_ACCRUAL_RECONCILE_TEMP_ALL', 'SYS_DEFAULT', 'CST_POLICY_SECURITY');
or login as PO user and execute statement
SQL> exec dbms_rls.disable_grouped_

then restart the worker and after patching is done

3) Enable FGA for the above object
SQL> exec dbms_rls.enable_grouped_policy('OBJECT_OWNER', 'OBJECT_NAME', 'POLICY_GROUP', 'POLICY_NAME');

SQL> exec dbms_rls.enable_grouped_policy('PO', 'PO_ACCRUAL_RECONCILE_TEMP_ALL', 'SYS_DEFAULT', 'CST_POLICY_SECURITY');
or login as PO user and execute
SQL> exec dbms_rls.enable_grouped_

Hope this helps someone for quick steps

Good Luck

Thursday, January 28, 2010

From 10g Clone DB Home - Never Copy and relink Oracle Binaries.

Prior to 10g - we always used to just copy oracle binaries from source to target (PROD to DEV) and relink. But with 10g, there are lot of files and places where the information is hard-coded.

So use the following way to Clone Oracle Home - And never do copy and relink, its not supported/recommended. The same applied even to 11g.

You can get more information in Oracele Installation Document - under Installer.
This method is also useful if the Oracle home that you are cloning patches applied to it. When you clone this Oracle home, the new Oracle home will have the patch updates as well.

1) Copy Oracle Home from Source to Target
(cd /u01/app/oracle/10.2//db_1 ;tar -cf - .) | ( cd /u01/app/oracle/10.2//db_1; tar -xvfp - ) >> /tmp/prod_dev_dbcopy1.log 2>&1 &

2) Get soft link list on Source

cd /u01/app/oracle/10.2//db_1
find . -type l -exec ls -la {} \; | grep eb_rda0_p| awk '{print " ln -s " $11 " " $9 }' > /tmp/
find . -type l -exec ls -la {} \; | grep eb_rda0_p| awk '{print " rm " $9 }'> /tmp/

3) Remove Softlink on Target
sh /tmp/

4) Recreate Softlinks on Target
edit the temp file with correct path for new oracle home
sh /tmp/

5) Backup oraInventory on Target Server
to get Inventory location do "cat /var/opt/oracle/oraInst.loc"

6) Detach/Remove Existing Oracle Home in OraInventory.
cd $ORACLE_HOME/oui/bin
runInstaller -silent -detachHome ORACLE_HOME="/u01/app/oracle/10.2//db_1" ORACLE_HOME_NAME="OraDb10g"

7) Edit $ORACLE_HOME/clone/config/
add "-ignoreSysPrereqs" at the end

8) Set the following Environment variables.
export PATH=$ORACLE_HOME/perl/bin:$PATH:.
export PERL5LIB=$ORACLE_HOME/perl/lib/5.8.3:$ORACLE_HOME/appsutil/perl

9) run Perl clone script
cd $ORACLE_HOME/clone/bin
perl ORACLE_HOME="/u01/app/oracle/10.2//db_1" ORACLE_HOME_NAME="OraDb10g"

if for any case you have issues with perl - then you can run the following also
$ORACLE_HOME/oui/bin/runInstaller -silent -clone ORACLE_HOME="/u01/app/oracle/10.2//db_1" ORACLE_HOME_NAME="OraDb10g"

Log File

$perl ORACLE_HOME="/u01/app/oracle/
10.2//db_1" ORACLE_HOME_NAME="OraDb10g"
./runInstaller -silent -clone -waitForCompletion "ORACLE_HOME=/u01/app/oracle/
10.2//db_1" "ORACLE_HOME_NAME=OraDb10g" -noConfig -nowait -ignoreSysPrereqs

Starting Oracle Universal Installer...

No pre-requisite checks found in oraparam.ini, no system pre-requisite checks will be executed.

>>> Ignoring required pre-requisite failures. Continuing...

Preparing to launch Oracle Universal Installer from /tmp/OraInstall2009-01-23_11-
47-03PM. Please wait ...Oracle Universal Installer, Version Production
Copyright (C) 1999, 2006, Oracle. All rights reserved.

You can find a log of this install session at:
...................................................................... 100% Done.

Installation in progress (Fri Jan 23 23:48:22 EST 2009)
.................................................. 80% Done.
Install successful

Linking in progress (Fri Jan 23 23:48:58 EST 2009)
Link successful

Setup in progress (Sat Jan 24 00:12:00 EST 2009)
Setup successful

End of install phases.(Sat Jan 24 00:12:26 EST 2009)
The following configuration scripts need to be executed as the "root" user.
#Root script to run
To execute the configuration scripts:
1. Open a terminal window
2. Log in as "root"
3. Run the scripts

The cloning of OraDb10g_q592 was successful.
Please check '/u01/app/oracle/10.2/
oraInventory/logs/cloneActions2009-01-23_11-47-03PM.log' for more details.

Any Comments, let me know


Tuesday, June 24, 2008

OLAP Added to 10gR2 but XOQ component INVALID

Did not post new blogs for last couple of months, busy working on database upgrade, its a, size 5TB and 3 node RAC.

Recently I visited my favorite BLOG like every day/week, and at the same time we got a request to apply OLAP Patch 5746153 - which I applied successfully and done post-patch steps.
Component XOQ was INVALID, no matter what I do, its still Invalid. Did the usual steps - googled, searched metalink and then created tar. Finally I was able to get hold of good analyst who reffered me to note Note:466363.1, after following the steps I got below error.

SQL> select status from dba_registry where comp_id = 'XOQ';

SQL> set serveroutput on size 10000
SQL> exec xoq_validate
compat -> 10.2.0
BEFORE BOOTSTRAPORA-37111: Unable to load the OLAP API sharable library: (Cannot map text forlibrary: mmap(0x0,0x13e6914, 0x5, 0x41, 58, 0x0) returns Permission denied.)
comp_name: Oracle OLAP API
status: INVALID
PL/SQL procedure successfully completed.

$ls -l /home/oracle/10.2/lib//
-rw-r--r-- 1 oracle dba 36056968 Apr 23 2007 /home/oracle/10.2/lib//

Did the usual searching and finally did a CHMOD and ran xoa_validate to my surprise it got validated.

chmod 744 /home/oracle/10.2/lib//

SQL> select status from dba_registry where comp_id = 'XOQ';

Then later I found its a know bug 6979371 and oracle ended-up publishing note 603179.1 for the same

Reference Metalink Notes
Note#: <466363.1>Titled: Oracle Olap API Invalid After Adding OLAP
Note#: <603179.1>Titled: Oracle Olap Api Invalid After Upgrade To

Good Luck

Monday, March 24, 2008

DST Change - OEM start agent failed, agentTZRegion settings

Because of DST change, I saw the agents which were shutdown are not starting, tried manually but no luck.

$ emctl start agent
Oracle Enterprise Manager 10g Release
Copyright (c) 1996, 2006 Oracle Corporation. All rights reserved.
Starting agent ...... failed.
The agentTZRegion value in /home/oracle/product/10.2.0/em10g/agent10g/sysman/config/ is not in agreement with what agent thinks it should be.Please verify your environment to make sure that TZ setting has not changed since the last start of the agent.
If you modified the timezone setting in the environment, please stop the agent and exectute 'emctl resetTZ agent' and also execute the script mgmt_target.set_agent_tzrgn(
, ) to get the value propagated to repository.
Consult the log files in: /home/oracle/product/10.2.0/em10g/agent10g/sysman/log

In you need to correctly set the agentTZRegion value

And login to OEM repository and run the following SQL to get the present values, so you can reset the value in repdb - login as SYS

select TARGET_NAME, timezone_region FROM mgmt_targets WHERE target_type = 'oracle_emd' AND target_name like '%hostname%';

-------------------------- --------------------------
hostname.domainname:2872 -05:00

Now reset the value to correct TZ settings

SQL> exec mgmt_target.set_agent_tzrgn('hostname.domainname:2872','-04:00');
SQL> commit;

Restart the agent, its successful

$emctl start agent
Oracle Enterprise Manager 10g Release
Copyright (c) 1996, 2006 Oracle Corporation. All rights reserved.
Starting agent .............................. started.

Good Luck, Cheers

Friday, July 13, 2007

Burn multiple ISO into DVD

Non Oracle Post

If you have downloaded software and if it comes in multiple cd ISO images and want to burn into one single image for creating dvd then do the following.

In my case some of the linux s/w which i downloaded has multiple cd's so I used the below method to create the dvd image. I used the single iso image to install linux on vmware.

cat image1.iso image2.iso image3.iso >imagedvd.iso
cat image1.iso > imagedvd.iso
cat image2.iso >> imagedvd.iso
cat image3.iso >> imagedvd.iso

All the contents if 3 iso images are clubbed into one image.

Hope this helps someone

Thursday, May 17, 2007

How to setup more than one AD Domains for OID External Authentication (10.1.2 vs 10.1.4)

You might be wondering why I am comparing 2 versions, when we started our integration, 10.1.4 was released and I read technet documentation but could not find any information on metalink (all the info is for 10.1.2 and 9.0.4) and at my earlier project I worked on integrating SiteMinder against 10.1.2, thats how I got some insight into differences which I am sharing with you.

The above combinations are integrated with instances, To login to 11i Users are externally authenticated by AD or Siteminder and 10gAS is used as a intermediary to accomplish it.

We have multiple domains, so I worked on seting up multiple plug-in for external authentication. But at the end we ended up using AD Global Catalog.

10.1.2 - Source:

1) Go to $ORACLE_HOME/ldap/admin
2) Make a copy of oidspada.pls file, and save it as oidspada2.pls
3) Modify oidspada2.pls
* Replace OIDADPSWD with OIDADPSWD2 (Global replace)
4) Make a copy of file and save it as (Global Replace)
* replace "oidspada.pls" with "oidspada2.pls"
* replace "adwhencompare" with "adwhencompare2"
* replace "adwhenbind" with "adwhenbind2"
* replace "OIDADPSWD" with "OIDADPSW2"
5) Run
It will register new profiles for new domain.

10.1.4 - Source:

1) Configure external authentication for one domain
2) Dump the configuration information into LDIF file
ldapsearch -p 3060 -D cn=orcladmin -w welcome -s sub -L -b "cn=plugin,cn=subconfigsubentry" cn="oidexplg_*_ad" >> output.ldif
3) Modify the output.ldif
cn=oidexplg_compare_ad with cn=oidexplg_compare_ad2
cn=oidexplg_bind_ad with cn=oidexplg_bind_ad2
Change the values for orclpluginflexfield;host and orclpluginflexfield;port for the external directory host name and port number
Modify orclpluginsubscriberdnlist for the plug-in invocation naming context.
4) Upload the new plug-in information
$ORACLE_HOME/ldap/bin/ldapadd -h host -p port -D cn=orcladmin -w orcladminPwd -v -f input.ldif

Test using ldapbind and ldapcompare against both the domains
a) ldapbind -h oidHost -p port -D "cn=ADUser,cn=Users,dc=uk,dc=acme,dc=com" -w adpassword
b) ldapcompare -h oidHost -p port -D "cn=orcladmin" -w iasadminpswd -b "cn=ADUser,cn=Users,dc=uk,dc=acme,dc=com" -a userPassword -v adpassword

a) ldapbind -h oidHost -p port -D "cn=ADUser,cn=Users,dc=us,dc=acme,dc=com" -w adpassword
b) ldapcompare -h oidHost -p port -D "cn=orcladmin" -w iasadminpswd -b "cn=ADUser,cn=Users,dc=us,dc=acme,dc=com" -a userPassword -v adpassword

Good Luck

Configure OID External Authentication Plug-In (10.1.2 vs 10.1.4) against Microsoft AD

We recently integrated our instance with 10gAS (10.1.4 Identity management) using external Authentication from Microsoft Active Directory. Automatic USER provisioning from AD to OID to 11i.

The way external authentication happens in 10.1.2 and 10.1.4 is quite different.In 10.1.2 it uses pl/sql plug-in and 10.1.4 it uses java plug-in.

In 10.1.2 you have to run "$ORACLE_HOME/ldap/admin/" to register adwhencompare & adwhenbind profiles.

In 10.1.4 you need to run "$ORACLE_HOME/ldap/jlib/oidexcfg.jar oidexcfg -h oidhost -p port -D cn=orcladmin -w password -t AD" to modify the oidexcfg_compare_ad and oidexcfg_bind_ad plug-in's, the same can also be modified by login to ODM and going to Plug-in Management.

After registering run the following commands to check if AD can authenticate you
1) ldapbind -h oidHost -p port -D "cn=ADUser,cn=Users,dc=acme,dc=com" -w adpassword
2) ldapcompare -h oidHost -p port -D "cn=orcladmin" -w iasadminpswd -b "cn=ADUser,cn=Users,dc=acme,dc=com" -a userPassword -v adpassword

In 10.1.4 you can still use pl/sql plug-in for external authentication but make sure you are not hitting bug#5912665

Another important thing is - In 10.1.2 "orclUserPrincipalName" objectclass contains the external identity used for validating to Active Directory and in 10.1.4 "orclSourceObjectDN" is used instead.

Good Luck

Thursday, April 19, 2007

Timeout Setting when you have 10gAS integrated with 11i along with External Authentication

We are using 11i ( with 10gAS ( with AD external Authentication. The timeout behavior was not consistent across the board.

The following places needs to be modified to set timeout across the board

System Profile option ICX:Session Timeout 30 (Minutes) file session.timeout=180000 (Milliseconds=30 Minutes)

a) Navigate to http://:port/pls/orasso
b) Login with an administration account
c) Press 'SSO Server Administration'
d) Press 'Edit SSO Server Configuration'
e) In the section 'Single Sign-On Session Policy', change the Single Sign-on Session Duration from 8Hrs to .5 Hr (30 Min) ---This must match 11i Timeout

Other Timeouts

Set Global Inactivity Timeout – Login as ORASSO and run $ORACLE_HOME/sso/admin/plsql/sso/ssogito.sq set the “inactivity_period” in Minutes (Default 15 min, To disable timeout set inactivity period to 0)

Set connectionIdleTimeout = 30 (default 120 min) in $ORACLE_HOME/sso/conf/

Set OssoIdleTimeout on (Default off) in $ORACLE_HOME/Apache/Apache/conf/mod_osso.conf

To set the interval in ODM select the server, then the Query Optimization tab, LDAP Connection Timeout. The set to 30 (default is 0, no timeout). The value is in minutes. The value should be set to less than any firewall or load balancer timeout.

In ODM select the server, then the System Operational Attributes tab, Statistics Collection Interval is set to 15. The default is 60 minutes. This value should be set to about half the connection timeout.

Bounce the services on 10gAS and 11i
opmnctl stopproc process-type=HTTP_Server
opmnctl startproc process-type=HTTP_Server

opmnctl stopproc process-type=OC4J_SECURITY
opmnctl startproc process-type=OC4J_SECURITY stop start

Good Luck...

Tuesday, January 30, 2007

Oracle Applications Benchmarks

Just saw this article on Oracle site, benchmarks for medium and small configurations.

Hope this helps

Wednesday, January 10, 2007

Wanna know version of RedHat installed?

Wanna know exactly what version of redhat/centos/enterprise linux you are running?

Normally on any unix flavors if you do "uname -a" you get all the details along with servername, o/s build details.

If yo do the same on redhat, it will not tell you what version you are running.
$uname -a
Linux servername 2.4.21-47.ELhugemem #1 SMP Wed Jul 5 20:30:35 EDT 2006 i686 i686 i386 GNU/Linux

To know the version on Redhat/Centos/Oracle Enterprise Linux you need to ...
$cat /etc/redhat-release
Red Hat Enterprise Linux AS release 3 (Taroon Update 8)

$cat /etc/enterprise-release
Enterprise Linux Enterprise Linux AS release 4 (October Update 4)

Good Luck and Cheers!

Monday, November 06, 2006

Search FND_PROFILES for Hard-Coded Path

As part of Windows to Linux Upgrade/Migrate project. I wrote the following query to pull all the profiles that has a hard-coded Windows Path

-- Start Script

SELECT fpo.profile_option_name PROFILE, fpov.profile_option_value VALUE,
DECODE (fpov.level_id,10001, 'SITE', 10002, 'APPLICATION',10003, 'RESPONSIBILITY',10004, 'USER') "LEVEL",
fa.application_short_name app, fr.responsibility_name responsibility,
fu.user_name "USER"
FROM apps.fnd_profile_option_values fpov,
apps.fnd_profile_options fpo,
apps.fnd_application fa,
apps.fnd_responsibility_vl fr,
apps.fnd_user fu,
apps.fnd_logins fl
WHERE fpo.profile_option_id = fpov.profile_option_id
AND fa.application_id(+) = fpov.level_value
AND fr.application_id(+) = fpov.level_value_application_id
AND fr.responsibility_id(+) = fpov.level_value
AND fu.user_id(+) = fpov.level_value
AND fl.login_id(+) = fpov.last_update_login
AND ( LOWER (fpov.profile_option_value) LIKE 'f:%'
OR LOWER (fpov.profile_option_value) LIKE 'd:%'
OR LOWER (fpov.profile_option_value) LIKE 'c:%'

-- End Script