You are not authorized to access this site.

on Monday, 29 October 2012

On accessing Extranet URL from Internet, we got this message:

Access Denied

You are not authorized to access this site.

The application you are attempting to access requires additional authorization. If you feel you have received this message in error, please contact your local business Help Desk.

This error occurs because we have SSO enabled on our Extranet as well. If the user exists in the SSO database and doesn't exist in the FND_USER table of Oracle E-Business Suite, this error appears.

After creating the users locally in E-Business Suite, this error should disappear.

How to download password protected patch from updates.oracle.com

A Metalink search revealed note 731257.1, which has the details. In short, before issuing the get command you are required to issue the command site protected <password>.

In fact if you directly issue the get command you get the error message which says the same:

ftp> bin
200 TYPE changed to I.
ftp> get p8995444_11i_d.zip
200 PORT command OK.
550-File or directory not found.
550-This is a password protected patch.
550-Enter the password with site command:
550-quote site protected
550 Then get the patch again.

After issuing the site protected command it worked

ftp> site protected V5pIHQqk
200 The password was received successfully.
ftp> get p8995444_11i_d.zip
200 PORT command OK.
150 Opening BINARY mode data connection for file p8995444_11i_d.zip.

It worked with quote site protected command also:

ftp> quote site protected V5pIHQqk
200 The password was received successfully.
ftp> get p8995444_11i_d.zip
200 PORT command OK.
150 Opening BINARY mode data connection for file p8995444_11i_d.zip.

This is of limited use now, as Oracle is decommissioning their FTP service and you'll need to use wget and the URL from the patch download button in the new Metalink.

What really happens when you enable maintenance mode before applying patches

Maintenance Mode was introduced in the AD.I patchset. Here's what the readme of AD.I (Article ID: 233044.1) says:

Maintenance mode provides a clear separation between normal runtime operation of Oracle Applications and system downtime for maintenance. Enabling the maintenance mode feature shuts down the Workflow Business Events System and sets up function security so that no Oracle Applications functions are available to users. Used only during AutoPatch sessions, maintenance mode ensures optimal performance and reduces downtime when applying a patch. For more information, refer to Preparing your System for Patching in Oracle Applications Maintenance Utilities.

You may also refer to Article ID 291901.1, which has more information about Maintenance Mode.

Interestingly, R12 has some additional steps to enable maintenance mode. Please refer to Article ID 558274.1: Instructions for configuring maintenance mode for R12.

connect / as sysdba ORA-01031 Insufficient privileges

On a freshly installed 11gR2 Oracle Database, I set the following environment variables:

ORACLE_BASE
ORACLE_HOME
ORACLE_SID
TNS_ADMIN
TWO_TASK
LD_LIBRARY_PATH

However when I tried to connect to it:

sqlplus /nolog
conn / as sysdba
ORA-1031 Insufficient Privileges

A search on My Oracle Support showed this:

Error: ORA 1031
Text: insufficient privileges
-------------------------------------------------------------------------------
Cause: An attempt was made to change the current username or password without
the appropriate privilege. This error also occurs if attempting to
UPDATE a table with only SELECT privileges, if attempting to CONNECT
INTERNAL, or if attempting to install a database without the necessary
operating system privileges.
Action: Ask the database administrator to perform the operation or grant the
required privileges.

However I got my answer from this article:

UNIX: Checklist for Resolving Connect AS SYSDBA Issues [ID 69642.1]

It turned out that unsetting the environment variable TWO_TASK resolved the issue:

unset TWO_TASK
sqlplus /nolog
conn / as sysdba
Connected. 

adgendbc.sh java.sql.SQLException: Invalid number format for port number

One of my colleagues asked me about this one. While running adconfig on an R12 clone, the following error was being reported:

Unique constraint error (00001) is OK if key already exists

Creating the DBC file...
java.sql.SQLException: SO Exception was generated
Database connection to jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(LOAD_BALANCE=YES)(FAILOVER=YES)(ADDRESS=(PROTOCOL=tcp)(HOST=R1213q2.justanexample.com)(PORT=1553)))(CONNECT_DATA=)) failed
ADD call failed with exit code 1

Updating Server Security Authentication
java.sql.SQLException: Invalid number format for port number
Database connection to jdbc:oracle:thin:@host_name:port_number:database failed
Updating Server Security Authentication failed with exit code 1
Restoring DBC file from backed up location $INST_TOP/appltmp/TXK/R1213q2_Wed_Aug_17_14_32_2011.dbc

adgendbc.sh ended at Wed Aug 17 14:32:04 EDT 2011

adgendbc.sh exiting with status 1
ERRORCODE = 1 ERRORCODE_END
.end std out.

.end err out.
****************************************************

We noticed the blank CONNECT_DATA and did node cleanup and re-ran autoconfig. However it still failed:

Unique constraint error (00001) is OK if key already exists

Creating the DBC file...
java.sql.SQLRecoverableException: No more data to read from socket raised getting GUEST_USER_PWD - ignoring
java.sql.SQLRecoverableException: No more data to read from socket- Database error performing ADD

ADD call failed with exit code 1

Updating Server Security Authentication
java.sql.SQLException: Invalid number format for port number
Database connection to jdbc:oracle:thin:@host_name:port_number:database failed
Updating Server Security Authentication failed with exit code 1
Restoring DBC file from backed up location $INST_TOP/appltmp/TXK/R1213q2_Wed_Aug_17_16_11_2011.dbc

adgendbc.sh ended at Wed Aug 17 16:11:16 EDT 2011

adgendbc.sh exiting with status 1
ERRORCODE = 1 ERRORCODE_END
.end std out.
Unable to update GUEST_USER_PWD in database to GUEST/ORACLE - java.sql.SQLRecoverableException: No more data to read from socket

After a lot of searching in My Oracle Support I found this article: Adgendbc Fails With Database Connection Failure [ID 1302708.1]. It asked us to do this:

The following change to the database parameters allows Autoconfig, and specifically adgendbc.sh, to complete successfully. Please make this change and then re-run autoconfig.

alter system set JAVA_JIT_ENABLED= FALSE scope = both;

We did this, but the error still appeared.

So we bounced the database. After bouncing the database it worked fine:


$ cd $INST_TOP/admin/install
$ ./adgendbc.sh

adgendbc.sh started at Wed Aug 17 16:20:52 EDT 2011


Enter the APPS username: apps

Enter the APPS password:

SQL*Plus: Release 10.1.0.5.0 - Production on Wed Aug 17 16:21:02 2011

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Enter value for 1: Enter value for 2: Enter value for 3: Connected.
[ APPS_DATABASE_ID ]
Application Id : 0
Profile Value : orpogpq2
Level Name: SITE
INFO : Updated/created profile option value.
.

PL/SQL procedure successfully completed.


Commit complete.

Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining
and Real Application Testing options


==============================
* * * * DBC PARAMETERS * * * *
==============================
fnd_jdbc_buffer_min=1
fnd_jdbc_buffer_max=5
fnd_jdbc_buffer_decay_interval=300
fnd_jdbc_buffer_decay_size=5
fnd_jdbc_usable_check=false
fnd_jdbc_context_check=true
fnd_jdbc_plsql_reset=false



====================================
* * * * NO CUSTOM PARAMETERS * * * *
====================================



Unique constraint error (00001) is OK if key already exists

Creating the DBC file...
ADD executed successfully - $INST_TOP/appl/fnd/12.0.0/secure/orpogpq2.dbc

Updating Server Security Authentication
AUTHENTICATION SECURE executed successfully - $INST_TOP/appl/fnd/12.0.0/secure/R1213q2.dbc

adgendbc.sh ended at Wed Aug 17 16:21:39 EDT 2011

adgendbc.sh exiting with status 0
ERRORCODE = 0 ERRORCODE_END .


UX: useradd: ERROR: Inconsistent password files

While using useradd command to add my user, I got this error:

UX: /usr/sbin/useradd: ERROR: Inconsistent password files. See pwconv(1M).

Logged in as root, I checked the no. of lines in /etc/passwd and /etc/shadow:

# cat /etc/shadow |wc -l
299
# cat /etc/passwd |wc -l
300

vi /etc/passwd

I saw that the last line was blank and removed it.

Using useradd command worked now without issues.
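
The mismatch above (300 lines in /etc/passwd against 299 in /etc/shadow) can be located without opening the files in an editor. The script below is an added example, not part of the original post: the function names, the finding labels and the sample accounts are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): find what makes a passwd file
# and a shadow file disagree. File paths are arguments, so it can be run on
# copies. On Solaris use nawk or /usr/xpg4/bin/awk (the old awk lacks -v).

# Prints one finding per line, sorted:
#   BLANK <file> <line>      empty or whitespace-only line
#   MALFORMED <file> <line>  wrong number of colon-separated fields
#   NO_SHADOW <user>         entry in passwd without a shadow entry
#   NO_PASSWD <user>         entry in shadow without a passwd entry
check_passwd_shadow() {
    awk -F: -v pf="$1" -v sf="$2" '
        /^[ \t]*$/ { print "BLANK", FILENAME, FNR; next }
        FILENAME == pf {
            if (NF != 7) { print "MALFORMED", pf, FNR; next }   # passwd: 7 fields
            in_passwd[$1] = 1
            next
        }
        {
            if (NF != 9) { print "MALFORMED", sf, FNR; next }   # shadow: 9 fields
            in_shadow[$1] = 1
        }
        END {
            for (u in in_passwd) if (!(u in in_shadow)) print "NO_SHADOW", u
            for (u in in_shadow) if (!(u in in_passwd)) print "NO_PASSWD", u
        }
    ' "$1" "$2" | sort
}

# Constructed sample reproducing the situation in the post: the passwd copy
# ends with a blank line, and one account never received a shadow entry.
demo_passwd_shadow() {
    tmp=$(mktemp -d)
    printf '%s\n' \
        'root:x:0:0:Super-User:/:/sbin/sh' \
        'oracle:x:1001:100:Oracle owner:/export/home/oracle:/bin/ksh' \
        'applmgr:x:1002:100:Apps owner:/export/home/applmgr:/bin/ksh' \
        '' > "$tmp/passwd"
    printf '%s\n' \
        'root:NP:15000::::::' \
        'oracle:NP:15000::::::' > "$tmp/shadow"
    check_passwd_shadow "$tmp/passwd" "$tmp/shadow"
    rm -rf "$tmp"
}

demo_passwd_shadow
```

A BLANK finding in the passwd file corresponds to the stray line removed in the post; a NO_SHADOW finding is the case pwconv is meant to repair.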

Where is OA_HTML defined in R12

OA_HTML is defined in $ORA_CONFIG_HOME/10.1.3/j2ee/oacore/config/oc4j.properties

Upgrade Java plug-in (JRE) to the latest certified version

If you have already migrated to Java JRE with Oracle EBS 11i you may want to update EBS to the latest update from time to time. For example, if your EBS environment is configured to work with Java JRE 6 update 5 and you want to upgrade your clients with the latest JRE 6 update 13.

This upgrade process is very simple:

   
  1. Download the latest Java JRE installation file
    The latest update can be downloaded from here.
    Download the "JRE 6 Update XX" under "Java SE Runtime Environment".
     
  2. Copy the above installation file to the appropriate directory:
    $> cp jre-6uXX-windows-i586-p.exe $COMMON_TOP/util/jinitiator/j2se160XX.exe

    We have to change the installation file name to the following format: "j2se160XX.exe", where XX indicates the update version.
     
  3. Execute the upgrade script:
    $> cd $FND_TOP/bin
    $> ./txkSetPlugin.sh 160XX
That's all....

Since we upgraded our system to JRE 6 update 13 (2 weeks ago), our users don't complain about mouse focus issues and some other forms freezes they have experienced before. So... it was worth it...

If you haven't migrated from Jinitiator to the native Sun Java plug-in yet, it's highly recommended to migrate soon. Jinitiator is going to be desupported soon.

See the following post for detailed, step by step, migration instructions: Upgrade from Jinitiator 1.3 to Java Plugin 1.6.0.x.

Patch failed but the fix is another patch!

Fortunately this happens infrequently (in my experience) and is usually caught the first time patch(es) are applied in a sandbox or dev environment. There could be a few reasons why this happens, a couple off the top of my head:

- Your patch analysis wasn't complete. [If you have been in pre-req hell before, it can be very easy to miss a patch.]
- You've hit a bug and Oracle informs you another patch is required.
- Some large patches, especially family packs usually have functional prerequisites. These are usually in the README file as a chart which lists the product, feature and patches required. If you are using, or plan to use the products listed in the chart, you are required to apply the patch(es).

Just recently, we hit an issue in which we had to go back and apply a functional pre-req for a module we don't use.

So how do you resolve this? There are two options:

1. Cancel the patch, apply the new patch, then start the first one over again.
2. Backup the first patch, apply the new patch, restore the first patch and let it continue where it left off.

The benefit of option 2 is to save deployment time. Obviously if you are 2-3 hours into a large patch and you choose option 1 you have to start over.

So, the steps to backup the first patch are:

1. Use adctrl to shutdown all of the workers.
2. Backup the FND_INSTALL_PROCESSES and AD_DEFERRED_JOBS tables.
3. Backup the .rf9 files under $APPL_TOP/admin/[SID]/restart
4. Drop the tables in step 2.
5. Apply the new patch.
6. Restore the .rf9 files backed up in step 3.
7. Restore the tables backed up in step 2.
8. Recreate Synonyms under apps:
- create synonym AD_DEFERRED_JOBS for APPLSYS.AD_DEFERRED_JOBS;
- create synonym FND_INSTALL_PROCESSES FOR APPLSYS.FND_INSTALL_PROCESSES;
9. Start adpatch and continue.


Now, this only works if one of the workers fails while executing tasks for the first patch. If a fatal error happens elsewhere then you can't use the steps above.

Adpatch seems to hang?

While applying a patch to a cloned environment adpatch seemed to hang on the following line:

Attempting to instantiate the current-view snapshot...

If you perform a search of metalink you will get a couple of hits which may solve your problem. One of the problems is that the AD module level is lower than the required version for the patch. The other note mentions that it could be a temp tablespace issue. In my case, both of those checked out ok.

Before I continue, what is a snapshot?


There are two types of snapshots, APPL_TOP and global. APPL_TOP snapshots contain versions of files and patches applied within that APPL_TOP. A global snapshot contains the same information but for the entire environment, i.e. all APPL_TOPs.

The global view snapshot is used when you use Patch Wizard to determine whether or not a patch has been applied. APPL_TOP snapshots are used by AutoPatch (adpatch) to determine if all prerequisite patches have been applied. Each time you apply a patch AutoPatch updates the current view snapshot. I believe it may even create a new current view snapshot and just replace the existing one.

Additionally there are two types of snapshots, current view and named. A named snapshot is just a copy of the current view snapshot at a given point in time. Patch wizard and AutoPatch use current view snapshots.

To access snapshot information launch adadmin, select option 2 - Maintain Applications Files menu, select 5 - Maintain snapshot information and you will see the menu below:


         Maintain Snapshot Information
   -------------------------------------------

  1.    List snapshots

  2.    Update current view snapshot

  3.    Create named snapshot

  4.    Export snapshot to file

  5.    Import snapshot from file

  6.    Delete named snapshot(s)

  7.    Return to Maintain Applications Files menu



Back to the problem of adpatch seeming to hang while instantiating a current-view snapshot. Since this is a cloned environment, a snapshot doesn't exist yet for the APPL_TOP. So before AutoPatch can check if prerequisite patches have been applied, it must create a snapshot. This process can take 1-2 hours depending on how fast your servers are. You can avoid this by running "Update current view snapshot" via adadmin after you clone.

I should add that, in my experience, I've only encountered this problem a few times. Most of the patches I apply to a cloned environment are quick one-offs with no pre-reqs. Large patching efforts such as family packs or patches with pre-reqs may experience this problem. I haven't tried, but if you're crunched for time you may be able to bypass adpatch updating the current view snapshot by specifying "adpatch options=noprereq" to skip the prerequisite check.

Merging Patches in E-Business Suite

One method to decrease the amount of time it takes to apply a large number of patches is to use AD Merge. AD Merge allows you to combine multiple patches into a single patch. If you have applied multiple patches separately in the past, you've probably noticed that some steps may be repeated for each patch. For example, autoconfig, compiling JSP or database objects, etc. may be executed automatically multiple times. You can pass parameters in to adpatch to avoid them and perform those tasks manually at the end. As well, even though it's minor, just running through the adpatch prompts for each patch adds up. (I'll talk about defaultsfile in another post.)

There are some restrictions with AD Merge: it can't be used to merge patches of different releases, platforms or parallel modes.

The first step is to download the patches and uncompress them into a single directory. For the following example I am using the July Security patch release:

oravis@myserver=> ls SRC
6520998                   6884665                   p6845529_11i_GENERIC.zip
6627387                   p6520998_11i_GENERIC.zip  p6884665_11i_GENERIC.zip
6845529                   p6627387_11i_GENERIC.zip

Execute admrgpch. (I created a directory DEST at the same level as SRC above.) The format I'm using below is: -s <source> -d <destination> -logfile <name> -merge_name <default is merged, so name it appropriately>:

oravis@myserver=>
   admrgpch -s SRC -d DEST -logfile JUL09_merge.log -merge_name jul09cpu_merge

Executing the merge of the patch drivers
 -- Processing patch: SRC/6520998
 -- Done processing patch: SRC/6520998

 -- Processing patch: SRC/6627387
 -- Done processing patch: SRC/6627387

 -- Processing patch: SRC/6845529
 -- Done processing patch: SRC/6845529

 -- Processing patch: SRC/6884665
 -- Done processing patch: SRC/6884665



Copying files...

100% complete. Copied 9 files of 9...

Character-set converting files...

  4 unified drivers merged.

Patch merge completed successfully

Please check the log file at JUL09_merge.log.

oravis@myserver=> ls DEST
6520998_README.html   b6520998.ldt          fnd
6520998_README.txt    b6627387.ldt          ibe
6627387_README.html   b6845529.ldt          j6520998_mwa.zip
6627387_README.txt    b6884665.ldt          j6627387_ibe.zip
6845529_README.html   f6520998.ldt          j6884665_frm.zip
6845529_README.txt    f6627387.ldt          jcopy
6884665_README.html   f6845529.ldt          u_jul09cpu_merge.drv
6884665_README.txt    f6884665.ldt

Finally review the merge log file and verify that there were no errors. I've read that you shouldn't merge AD or FND patches but I can't find anything official on Metalink or in the documentation. AD Merge has only failed on me twice. Once it failed during the merge and another time during the application of the merged patch. When applying the patch with adpatch, change directory into DEST and when prompted use u_jul09cpu_merge.drv for the driver name. Don't forget to perform any post-patch activities that may be required for each patch!

That's it, merging patches is pretty simple. It has worked great for me in the past and even for small patching efforts like the CPU release above, I use it. Even though they are pretty quick patches it beats having to apply each one manually.

Why are R12 patches so large?

While performing patch analysis for some one-off patches I noticed there was quite a size difference between codelines.  (ie. R12.AP.A vs R12.AP.B)   For example, take a look at payables patch 8733916.   The version compatible with AP.A is 35.4MB while the AP.B version is only 9MB.

A coworker forwarded me a note from Metalink which describes the issue: 

Release 12: Why are One-Off Patches so Large? [ID 841218.1]

The note has an interesting chart which shows how many files are applied from a patch based on the codelevel. Basically a one-off patch contains all the files necessary to fix the problem on a base R12 release. So to summarize the note, the more up to date you keep your EBS environment, the less work adpatch has to do in order to apply patches.

Background Info:  Adpatch performs a number of tasks when applying a patch.  One of them is to compare versions of files supplied by the patch to those in your EBS environment.  Only newer files will be copied.

In my case, with patch 8733916, it's basically the same situation. R12.0 was released I believe back in Jan 2007, while R12.1 was released in May 2009. So if a bug affects both versions, it's not surprising that the patch would be smaller for R12.1 since it's more up to date. Now, I would assume this is highly dependent on the bug but I haven't seen a patch for R12.1 that is larger than R12.0.

R12.1.2 Relinking issues after 64bit Migration

We have a large R12 upgrade coming up on the horizon: upgrading to R12.1.2 and 11gR2, and migrating to 64bit. As part of the post 64bit migration you have to relink the application programs. A number of modules wouldn't relink though:

Example:

g++: /u01/TEST/apps/apps_st/appl/sht/12.0.0/lib/ilog/6.2/libschedule.a: No such file or directory
g++: /u01/TEST/apps/apps_st/appl/sht/12.0.0/lib/ilog/6.2/libsolveriim.a: No such file or directory
g++: /u01/TEST/apps/apps_st/appl/sht/12.0.0/lib/ilog/6.2/libconcertext.a: No such file or directory
g++: /u01/TEST/apps/apps_st/appl/sht/12.0.0/lib/ilog/6.2/libsolver.a: No such file or directory
g++: /u01/TEST/apps/apps_st/appl/sht/12.0.0/lib/ilog/6.2/libconcert.a: No such file or directory
make: *** [/u01/TEST/apps/apps_st/appl/eng/12.0.0/bin/ENCACN] Error 1
Done with link of eng executable 'ENCACN' on Tue Oct 19 15:32:10 EDT 2010
Relink of module "ENCACN" failed.


I opened up an SR with Oracle but continued to research the problem. I didn't see anything on Metalink for R12, Google same result. I searched the entire filesystem to see if the libraries existed elsewhere but no luck.
I noticed a zip file /u01/TEST/apps/apps_st/appl/sht/12.0.0/lib/ilog62lib.zip and listed the contents to see what was in it.  Here is a snip:

[oravis@myserver lib]$ unzip -l ilog62lib.zip
Archive:  ilog62lib.zip
$$Header: ilog62lib.zip 120.5 2006/10/02 17:00  juliang ship                       $
Length     Date   Time    Name
--------    ----   ----    ----
0  05-02-06 02:12   ilog/
0  09-27-06 18:09   ilog/6.2/LINUX/
2  09-27-06 18:08   ilog/6.2/LINUX/libconcert.a
2  09-27-06 18:08   ilog/6.2/LINUX/libconcertext.a
8  09-27-06 18:08   ilog/6.2/LINUX/libcplex.a
2  09-27-06 18:08   ilog/6.2/LINUX/libilocplex.a
8  09-27-06 18:08   ilog/6.2/LINUX/libschedule.a
0  09-27-06 18:08   ilog/6.2/LINUX/libsolver.a
0  09-27-06 18:08   ilog/6.2/LINUX/libsolverfloat.a
0  09-27-06 18:08   ilog/6.2/LINUX/libsolveriim.a
.
.
.
--------                   -------
665793708                   72 files





These were the libraries adrelink was looking for. I extracted the files, changed to the LINUX directory, moved the files up to the parent directory, relinked (via adadmin) and it completed successfully.

----

Looking back on the problem, it's strange I didn't encounter it before. This environment is a copy of an existing R12.1.2 32bit environment. The only thing I'm changing is migrating it to 64bit. So I should have hit these relinking issues before. I checked the source environment and the libraries are indeed there!

The zip file contains the libraries for a number of platforms, AIX, HPUX, etc. So the only thing I can think of is that since I'm doing a platform migration, these libraries get removed to make sure the proper ones are used. However, it doesn't continue and extract the correct libraries from the zip file.

“401 Unauthorized” error when trying to log in to an SSO application

Recently I faced an issue on one of our development nodes. The problem was a “401 Unauthorized” error when trying to log in to an SSO-integrated application; up to two days earlier it was working fine.

Environment details:
 Oracle Application Server Single Sign-On – Version: 10.1.4.3 and OAM 10.1.4.3 running in same node. OAM_OSSO are integrated.

 I got the 401 Unauthorized error when I tried to access the oiddas application, and I saw the exception below in ssoServer.log:

 Thu Jun 07 20:55:04 IST 2012 [ERROR] AJPRequestHandler-ApplicationServerThread-9 Could not get attributes for user, orcladmin
oracle.ldap.util.NoSuchUserException: User does not exist – SIMPLE NAME = orcladmin
        at oracle.ldap.util.Subscriber.getUser_NICKNAME(Subscriber.java:1160)
        at oracle.ldap.util.Subscriber.getUser(Subscriber.java:923)
        at oracle.ldap.util.Subscriber.getUser(Subscriber.java:870)
        at oracle.security.sso.server.ldap.OIDUserRepository.getUserProperties(OIDUserRepository.java:537)
        at oracle.security.sso.server.auth.SSOServerAuth.authenticate(SSOServerAuth.java:508)
        at oracle.security.sso.server.ui.SSOLoginServlet.processSSOPartnerRequest(SSOLoginServlet.java:1076)
        at oracle.security.sso.server.ui.SSOLoginServlet.doPost(SSOLoginServlet.java:547)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
        at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:826)
        at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:332)
        at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
        at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
        at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
        at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
        at java.lang.Thread.run(Thread.java:534)

 Please find the workaround below.
    I found a Metalink note (ID 987877.1) which deals with the same issue. It says the issue is in the custom plugin configured for Oracle SSO (OSSO), and I executed the following action plan:
        Recompile the custom plugin with a different name, e.g. SSOSMAuth, so that file SSOSMAuth.class is created instead of SSONeteAuth.class
        Copy file SSOSMAuth.class to $ORACLE_HOME/sso/plugin
        Edit file $ORACLE_HOME/sso/conf/policy.properties and set the following:
        MediumSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOSMAuth
        Restart OC4J_SECURITY:
        $ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=OC4J_SECURITY
        $ORACLE_HOME/opmn/bin/opmnctl startproc process-type=OC4J_SECURITY
    I got the same error when I tried to log in again.
    After some workarounds I found the root cause of this issue. The problem was that the common user search base (orclcommonusersearchbase attribute) had been modified or new values had been added. More details follow:
    At least one of the search bases configured (orclcommonusersearchbase attribute in the cn=Common,cn=Products,cn=OracleContext,<realm DN> entry) does not exist in OID or is wrongly configured. Here, the configured search base did not exist in OID.
    The entries set for the orclcommonusersearchbase attribute are used by SSO as search bases to locate the user entry. If the base does not exist in OID, the LDAP search operation fails with “Ldap error code 32: LDAP_NO_SUCH_OBJECT”. LDAP error code 32 means the base specified for the operation does not exist.
    Log in to the oidadmin tool and navigate to cn=Common,cn=Products,cn=OracleContext,<realm DC>
    Go to the orclcommonusersearchbase attribute and correct / delete the incorrect values. All the entries defined in the orclcommonusersearchbase attribute must exist in OID.

 Or

    Connect to OID using LDAPbrowser or JXplorer, navigate to cn=Common,cn=Products,cn=OracleContext and correct the orclcommonusersearchbase attribute according to the environment. After this change I restarted the infra node and tried to log in. The issue vanished.






Or

Using the ldapmodify command:
a. Create a plain LDIF file adding.ldif like:
dn: cn=Common,cn=Products,cn=OracleContext,dc=shamrockfoods,dc=com
changetype: modify
replace: orclcommonusersearchbase
orclcommonusersearchbase: cn=users, dc=dec,dc=co,dc=in
b. Then run the ldapmodify command:
ldapmodify -h hostname -p 389 -D cn=orcladmin -w <passwd> -v -f adding.ldif
c. Restart components in the infra node and test.
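
The rule stated above, that every orclcommonusersearchbase value must exist in OID, can be checked before restarting anything. The script below is an added example, not part of the original post: it works on an LDIF export of the realm, the function names are assumptions, and the sample LDIF (dc=example,dc=com) is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list every
# orclcommonusersearchbase value that has no matching entry in an LDIF export.
# Assumptions: lines are not folded and DNs are plain text, not base64 (dn::).

missing_search_bases() {
    awk '
        # Compare DNs case-insensitively and ignore spaces around "," and "=".
        function norm(dn) {
            dn = tolower(dn)
            gsub(/[ \t]*,[ \t]*/, ",", dn)
            gsub(/[ \t]*=[ \t]*/, "=", dn)
            sub(/^[ \t]+/, "", dn)
            sub(/[ \t]+$/, "", dn)
            return dn
        }
        # Every "dn:" line is an entry that exists in the export.
        /^dn:[ \t]/ { exists[norm(substr($0, 4))] = 1; next }
        # Collect the configured search bases, in file order.
        tolower($0) ~ /^orclcommonusersearchbase:[ \t]/ {
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value)
            bases[++n] = value
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(norm(bases[i]) in exists)) print bases[i]
        }
    ' "$1"
}

# Constructed sample: the first search base exists (it differs from the entry
# DN only in case and spacing); the second has no entry, which is the
# condition that produces LDAP error 32 at login.
demo_search_bases() {
    ldif=$(mktemp)
    cat > "$ldif" <<'EOF'
dn: dc=example,dc=com
objectclass: domain

dn: cn=Users,dc=example,dc=com
objectclass: orclContainer

dn: cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com
objectclass: orclContainer
orclcommonusersearchbase: cn=users, dc=example,dc=com
orclcommonusersearchbase: cn=contractors,dc=example,dc=com
EOF
    missing_search_bases "$ldif"
    rm -f "$ldif"
}

demo_search_bases
```

Against a live directory the equivalent check is an ldapsearch with -s base and -b set to each configured value; a missing base returns LDAP error 32.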


Questions for Oracle Apps 11i & R12 Integration with 10g AS/SSO

Here are few questions which you should think/ask/discuss for Oracle Applications 11i & R12 Integration with 10g Application Server (Portal, Discoverer, SSO, OID)

Do you need 10g Portal component of 10g AS with Oracle Applications 11i & R12 ?
(*Integration of 10g AS can be without Portal and Discoverer as well, i.e. OID & SSO only. For 10g Portal integration you must have SSO and OID)

Do you need 10g Discoverer component of 10g AS with Oracle Application 11i ?
(* You can have discoverer with or without SSO access)

Do you need SSO and OID component of 10g AS with Oracle Applications 11i / R12 ?
(*You can configure only SSO/OID for Single Sign-On access with or without Portal and Discoverer)

Do you need 10g Web Cache component of 10g AS with Oracle Applications 11i ?
(*You can configure webcache with or without Portal/OID/SSO. With Portal webcache is default)

Do you have third party access management (Netegrity SiteMinder, Oblix COREid) for Single Sign-On ?
(* You can configure 10g SSO with third party access management via Oracle SSO)

Source of Authentication in Oracle Apps 11i / R12?
(* –You can configure authentication at E-Business Suite, Oracle SSO, Third party SSO or combination of above.
–Configuring authentication, local to E-Business for some users and for others SSO is also supported)

Do you have third party LDAP directory (Microsoft Active Directory, Sun iPlanet) which you want to synch with OID and E-Business Suite ?
(* You can use third party ldap server for user store integrated with OID and then synched to E-Business Suite Users)
—– If third party LDAP Server is in place check following things for OID to third party integration (DIT, Default Realm, nickname attribute)
—–As of Integration build 5 synching users from E-Business to OID is supported with default realm only. Take special care if you have multiple realms in LDAP Server


One SSO User account can be mapped to Multiple Users in E-Business Suite (other way is not supported), Do you need this ?

–Multiple E-Business Suite can use Single OID/SSO Instance or each E-Business Suite Instance can be registered with its own OID/SSO. For Dev & Test E-Business Suite you may be interested in registering them to single OID/SSO Instance.

–User Creation/Management/Updates : From OID to Apps, Apps to OID or bidirectional

Attributes to synch during ongoing Updates
* All user attribute sync can’t be updated between OID & E-Business Suite. Check provisioning profile used for synch between Apps & OID
* Check if TCA tables are updated as required with User Updates in OID

Decide on how Users will be loaded Initially :
—-From OID to E-Business (Users are already in OID but E-Business Suite is new implementation)
—- E-Business Suite to OID (Users are already in E-Business Suite but OID is new implementation)
—- In both E-Business Suite & OID (OID and E-Business both has user base but not in sync) You can reconcile user base in Apps & OID

E-Business Suite Home Page (Portal or Framework)

– Is Password Policy in E-Business Suite different from Password policy in SSO ? Things like
—-User should change password on first time login
—-Password strength, minimum number of characters & at least a few numbers
—-Password will expire after n number of days

Idle Session Time out for SSO
* By default there is no Idle Session timeout in Oracle SSO Server (There is default Global Session Time Out set at SSO with value 8 hours) but E-Business Suite is configured with Idle Session time out of 30 minutes. To set Idle Session time out value to desired value in SSO Server check Oracle SSO Admin Guide

More on 10g Application Server (OID/SSO) integration with E-Business Suite coming soon..

-------- User creation/update/synch flow in OID-Apps (E-Business Suite) integrated instances, and troubleshooting user creation/update issues

-------- User login flow in OID-Apps (E-Business Suite) integrated instances, and troubleshooting login issues

-------- Common tasks for which Apps DBAs should take extra care in Apps/OID/SSO integrated instances (cloning, changing the apps password, patching...)

What languages and currencies are enabled in EBS


One of my colleagues asked me about the languages and currencies being used in a new instance which has gone live. For languages we have this query:

select language_code
from fnd_languages
where installed_flag='I';

For currencies, I told him that in EBS all currencies are enabled. I executed the following query:

select CURRENCY_CODE,symbol
from apps.fnd_currencies
where enabled_flag='Y';

It returned 71 rows.

Total rows in fnd_currencies was 249.

However, I thought of a more logical way of getting this data: querying the transaction tables. Which transaction table should be queried here? I queried dba_segments for the largest objects:

select object_name,bytes
from dba_segments
order by bytes desc;

After the usual fnd_lobs etc., gl_interface table came up. So I created this query:

SQL> select currency_code,count(*)
  2  from apps.gl_interface
  3  group by currency_code;

CURRENCY_CODE COUNT(*)
--------------- ----------
VND xxx
EUR xxx
USD xxx
SGD xxx
JPY xxx


VND = Vietnamese Dollar
SGD = Singapore Dollar
JPY = Japanese Yen
EUR = Euro
USD = US Dollar

File too large zip error: Output file write failure


Recently while zipping a few directories for a clone, I got this error when the file size became greater than 2 GB.

File too large

zip error: Output file write failure (write error on zip file)

I tested the file system's ability to create files greater than 2 GB by creating a dummy 3GB file:

dd if=/dev/zero of=3gb-file bs=1024k count=3000

The 3 GB file got created without issues.

Then I checked the zip version.

$ zip -v
Copyright (c) 1990-2006 Info-ZIP - Type 'zip "-L"' for software license.
This is Zip 2.32 (June 19th 2006), by Info-ZIP.
Currently maintained by Onno van der Linden. Please send bug reports to
the authors using http://www.info-zip.org/zip-bug.html; see README for details.

So I checked http://www.info-zip.org

I clicked on the zip link: http://www.info-zip.org/Zip.html and found these lines:

Latest Release
New features in Zip 3.0, released 7 July 2008:


•large-file support (i.e., > 2GB)
•support for more than 65536 files per archive
•multi-part archive support
•bzip2 compression support
•Unicode (UTF-8) filename and (partial) comment support
•difference mode (for incremental backups)
•filesystem-synch mode
•cross-archive copy mode
•extended progress info and logging
•improved archive-fixing support
•improved streaming and piping
•improved command-line parser
•improved Unix FIFO support
•Unix 32-bit UIDs/GIDs (requires UnZip 6.0 to restore)

So I went to www.sunfreeware.com, downloaded the zip 3.0 package and installed it on the server. Once zip 3.0 was installed, the zip command succeeded without errors.

Query to check CPU patch level


After moving from CPU patches to PSU patches for Database, we no longer get the CPU information from the query:

SQL> select comments from registry$history;

COMMENTS
--------------------------------------------------------------------------------
CPUOct2008
CPUApr2008
view recompilation
Upgraded from 10.2.0.3.0
CPUJan2009
CPUJul2009
PSU 10.2.0.4.1
CPUOct2009
PSU 10.2.0.4.2
CPUJul2010
CPUOct2010
view invalidation
Upgraded from 10.2.0.4.0
Patchset 11.2.0.2.0
CPUApr2011
CPUJul2011
CPUOct2011
PSU 11.2.0.2.5

18 rows selected.

Notice that it only shows Patchset 11.2.0.2.5, instead of two rows: one for the PSU and one for the Jan 2012 CPU, which is included in the PSU.

We always apply all CPU patches relevant to our techstack, which usually means the database patches applied with opatch and the EBS patches applied with adpatch. So I created a query based on the EBS patch numbers for the CPUs from April 2011 through July 2012:

column BUG format a8;
column PATCH format a60;
set linesize 100;
set pagesize 200;
select b.bug_number BUG, b.LAST_UPDATE_DATE LDATE, decode(bug_number,
13979374, 'July 2012 CPU patch for 11i+RUP7',
13979377, 'July 2012 CPU patch for 11i+RUP6',
13979372, 'July 2012 CPU patch for R12.1+ATG_PF.B.Delta3',
13979375, 'July 2012 CPU for R12.0+ATG_PF.A.Delta6',
13621942, 'April 2012 CPU for R12.1+ATG_PF.B.Delta2',
13621941, 'April 2012 CPU for R12.0+ATG_PF.A.Delta6',
13621940, 'April 2012 CPU for 11i+RUP7',
13621939, 'April 2012 CPU for 11i+RUP6',
13322561, 'Jan 2012 CPU for R12.1+ATG_PF.B.Delta2',
12794416, 'Jan 2012 CPU for R12.0+ATG_PF.A.Delta6',
13322559, 'Jan 2012 CPU for 11i+RUP7',
13322557, 'Jan 2012 CPU for 11i+RUP6',
12794417, 'Oct 2011 CPU for R12.1+ATG_PF.B.Delta2',
12794416, 'Oct 2011 CPU for R12.0+ATG_PF.B.Delta6',
12794415, 'Oct 2011 CPU for 11i+RUP7',
12794414, 'Oct 2011 CPU for 11i+RUP6',
12406916, 'Jul 2011 CPU for R12.1',
12406915, 'Jul 2011 CPU for R12.0',
12406914, 'Jul 2011 CPU for 11i+RUP7',
12406913, 'Jul 2011 CPU for 11i+RUP6',
11660357, 'Apr 2011 CPU for R12.1',
11660356, 'Apr 2011 CPU for R12.0',
11660355, 'Apr 2011 CPU for 11i+RUP7',
11660354, 'Apr 2011 CPU for 11i+RUP6'
) PATCH
from APPS.AD_BUGS b
where b.BUG_NUMBER in ('13979374','13979377','13979372','13979375','13621942','13621941','13621940',
'13621939','13322561','12794416','13322559','13322557','12794417','12794416','12794415','12794414',
'12406916','12406915','12406914','12406913','11660357','11660356','11660355','11660354')
order by patch;

Result on the same instance:
BUG      LDATE           PATCH
-------- --------------- ------------------------------------------------------------
11660355 20-AUG-11       Apr 2011 CPU for 11i+RUP7
13322559 12-MAY-12       Jan 2012 CPU for 11i+RUP7
12406914 19-NOV-11       Jul 2011 CPU for 11i+RUP7
12794415 11-FEB-12       Oct 2011 CPU for 11i+RUP7
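
As an added example (not the author's query): the same check written with a single lookup list that drives both the labels and the filter, so a typo in one list cannot silently drop a patch, and CPUs that were never applied are reported as NOT APPLIED instead of simply being absent. It uses only the 11i+RUP7 patch numbers from the query above and assumes AD_BUGS.BUG_NUMBER compares as a string, as in the original IN list; the seq and STATUS columns are introduced here for illustration.

```sql
-- Added example: CPU coverage report for the 11i+RUP7 code line.
-- Patch numbers and labels are copied from the DECODE list above.
-- seq (release order) and STATUS are illustrative columns.
column BUG format a8;
column PATCH format a40;
column STATUS format a12;
set linesize 100;
set pagesize 200;
with cpu_patches as (
  select '13979374' bug_number, 'July 2012 CPU patch for 11i+RUP7' patch, 6 seq from dual union all
  select '13621940', 'April 2012 CPU for 11i+RUP7', 5 from dual union all
  select '13322559', 'Jan 2012 CPU for 11i+RUP7',   4 from dual union all
  select '12794415', 'Oct 2011 CPU for 11i+RUP7',   3 from dual union all
  select '12406914', 'Jul 2011 CPU for 11i+RUP7',   2 from dual union all
  select '11660355', 'Apr 2011 CPU for 11i+RUP7',   1 from dual
)
select c.bug_number BUG,
       c.patch PATCH,
       -- AD_BUGS can hold more than one row per bug; report the latest date
       max(b.last_update_date) LDATE,
       -- the outer join keeps every expected CPU, applied or not
       case when count(b.bug_number) > 0 then 'APPLIED' else 'NOT APPLIED' end STATUS
from cpu_patches c
left outer join apps.ad_bugs b on b.bug_number = c.bug_number
group by c.seq, c.bug_number, c.patch
order by c.seq desc;
```

A lookup list also makes a repeated patch number visible as two result rows, whereas DECODE returns only the first matching label, as it would for 12794416, which appears twice in the original query.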