Andreas' Adventures

As I always forget this (and have to look for it) I will put it into my blog - maybe I will memorize it now ;-) SELECT value$ FROM sys.props$ WHERE name = 'NLS_CHARACTERSET';

Setting up Data Guard with Maximum Protection requires the Data Guard Broker. Having setup Data Guard a couple of times without the broker I thought "how difficult can it be?" and started. After some preparations I started the dgmgrl in order to configure the various sites. To my astonishment no command at all was recognized. I have to admit that I even went back to the manuals to see if it was my fault. And then - shame on me - I tried to use the help function inside the dgmgrl. See what happens then: WHAHAHAHA! Ok, so either I was seriously stupid or there was an error - probably a relink issue. A good friend of mine at Oracle PTS - Robert Pastijn - offered the needed help and pointed out that a bug was introduced on AIX in the upgrade from 10.2.0.1.0 to 10.2.0.2.0 . The patch fixed this problem. So after all Oracle did not (yet) follow the classic Microsoft error: Error - No Error.

Lately I ran into a strange problem. I switched on my Wireless Network on my laptop only to find out that every time it receives a hostname localdomain and an IP address of 192.168.2.174 . Of course I blamed Windows as this is often the problem. However I found out that the problem is the DHCP Server of the VMWare Server. This seems to assign DHCP leases not only for the networks towards the Virtual Machines but also to the host as well. The only remedy is to shutdown the Windows service of the VMWare DHCP Server when requesting a new IP address.

When running the runcluvfy.sh I received the following error: /tmp does not exist and is not writable The reason for this is the fact that during the setup of the user equivalence the ssh to the own host was not performed. This leads to the issue that the commands in the runcluvfy.sh are not issued on the localhost. This leads to the strange error, as the /tmp directory did of course exist.

During the installation of an Oracle Application Server I mistyped the instancename. I was not so keen on re-installing everything. So I tried to change the name of the instance. Mind you - I'm talking about the name that is displayed when issuing an opmnctl status The solution is pretty easy: Edit the ias.properties and the opmn.xml . Change the instancename there and restart the opmn.

Came across the following last week - and I have to admit that this is something which made my eyes hurt. When you are in the Policy Manager of the Oracle Identity Management Suite and you want to add a group you REALLY need to know that there is a hidden link on this page. Try to find it yourself in the next picture: Found it? No? Let me give you a hint. Look in the blue band and search for some blue text :-) I'm not sure if anybody knew about this. I checked the documentation, and nothing about adding a group to such an Authorization Rule for groups is written in there. I wonder if anybody at Oracle knows about this hidden gem. I will log an SR with Support and also mail some people I know at Oracle to discuss this perfect piece of user interface design.

Nowadays you see a lot of those nifty no-nonsense datacenters where everything is ordered and no room is left for human ingenuity. However - once in a while you encounter some good old-fashioned folks, who think that intelligence rules over the chaos. Here is a lovely picture from one of my customers. Well - in order to protect the innocent let me say that their network is ok!

When installing the Oracle Access Manager WebGate and WebPass in different directories on Windows you will encounter some problems when it comes to forms-based authentication. The reason for this lies in the configuration of the IIS (oh - how I like Apache :-) . The redirection to the forms based HTML login and its redirection can easily fail as the IIS is not aware of the different location of the other directory. I solved this by changing the Virtual Directory settings in the IIS. Here is a picture that will give you an idea where and how to do this:

Today during a workshop where we had to setup the Oracle Access Manager we had a very detailed cookbook. Then I reached the following page: I hit next and always received a strange error - stating that the inetOrgPerson could not be found in the LDAP. Well - I have to say for my defense that I suffered from fever, cold, and headache. Just restarting the servers OUTSIDE the browser did the trick! Going to bed and get rid of my fever. cu Andreas

Lately I've been doing some AD-OID synchronization. Should be not that difficult, but as so often the devil is in the detail. The AD admin created a user that is capable of reading the complete AD - as it is described in the documentation. Then I tried to login. And tried, and tried. Password was reset, different password was used, etc. No luck. I tried a very easy ldapsearch and received the follwoing error: 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893 HEX: 0x531 - not permitted to logon from this workstation DEC: 1329 - ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.) LDAP[userWorkstations: ] NOTE: Returns only when presented with valid username and password/credential. Aha, that gave me a clue. So the username and password seemed to be correct. Some googeling established the problem. The user was created but the AD admin did not allow the user to login to the machine where the AD was running.

Sometimes I wish that there was just one language and therefore just one keyboard. I'm working in Belgium right now and at this customer there is no possibility to use my laptop on the network. Instead they have a thin client concept based on Citrix. That is ok but working with a Belgian keyboard just makes my hands hurt. I have switched the locale to English. But now I have to convince my eyes that there are different keys. Also after locking the PC I mistyped my password too often (the Citrix environment was still on FR) so the helpdesk had to unlock my account. I have not yet done Oracle related work on this machine but I cannot imagine what will happen when doing some interessting stuff with the DB or the Application Server and entering $#@%^& instead of some numbers or terminating each command with an m (that's where they've put the semicolon).

In my previous post http://achatzia.blogspot.com/2007/09/stand-alone-oracle-http-server-vs-as.html I said that there are two separate code trees for the OHS. Now I found at least one difference. If you have a look at the mod_oc4j.conf file you will see that the standalone version includes LoadModule oc4j_module modules/mod_oc4j.so while the AS version does include LoadModule oc4j_module modules/ApacheModuleOc4j.dll This of course is the Windows version. If somebody wants to check if such a difference exists with a Unix version I would like to hear that as well.

I just learned the following, which I wanted to share with you. One reason for using the 10.1.3.3 HTTP Server rather than the companion cd - Apache 2.0 - version is that no generic patchsets are ever issued for the Apache 2.0 version. It means that the MOD_OC4J component which comes with the 2.0 version always stays the same and neve r receives any bug fixes. You can also more easily configure the base 10.1.3 HTTP Server as part of an OracleAS 10.1.3 cluster topology. I had the idea that a stand alone OHS in the web tier (e.g. in the DMZ) would be a better setup as there are less points to attack, especially as there is a direct exposion to the Internet. I'll try to switch to the AS 10.1.3.x version instead of the stand alone OHS to see if this solves my problem. However I do not understand why Oracle keep different patch regimes with their software when they should share the same code base?

I thought that using the Oracle Enterprise Linux for the 11g would be a pretty cool idea. Actually the installation experience is not different from a normal RH ES version. I would have thought that a couple of necessary packages were already included (unixODBC, libaio, etc) but I guess that this is the age-old problem of having the OS out there for some time when the software (DB) is still in development. It would be awesome if Oracle would come up with a intermediate release of the OEL when they bring out a new version of the DB or the AS (yes I like to daydream :-) When installing the software no issues were detected. However when I build the Database (dbca) it seemed to hang at 45%. I retried three times (sample schemas on/off). Then I left it running while I was having lunch. And guess what: it just takes a little bit longer. So when installing 11g just bring a little bit of patience with you.

Ok, I promise I will take more time to read things like manuals and other documents when it comes to new features in the database. Take the Flashback Recovery Area (FRA). Oracle does store archive logs in there, which is cool as it speeds up the recovery. The bad thing is that the Oracle Database behaves like a small child. When you do not look it will do strange things. So I was busy setting up the online backup of an infrastructure database. This one is still in 10.1.x while all the others in this environment are on 10.2.x . For the RMAN I have a catalog (also 10.2.x) so I had some problems with the versions as the 10.1.x database refused to get into the 10.2.x RMAN catalog. I thought that I have plenty of space for the archivelogs in the ASM (everything was RAC of course). I turned my attention to some other issues (aka not watching your kid for a moment). Then during an important demo for the client a developer told me that he cannot use the OID. Of course I checked, but the OID wa...

I participated in the OCP beta exam for the AS 10g. About two years ago the beta exam for AS 10g (based on 9.0.4) was held. I did this exam without any serious preparation and succeeded. Yesterday however the exam was different. As promised (and required by Oracle) I'm not going to give you details of the exam! Don't even try to ask :-) The beta exam has more questions (and more time) than a normal exam. Oracle will rate you only on the questions that will make it into the real exam. I have to admit that this time I had a lot of effort put into the preparation. I've read a lot of manuals and checked out a lot of things. I was puzzled when I found out that the distribution of the question was somewhat skewed. Imagine that there are 16 topics in the exam, but three topics make up to 40 % of the questions. And you feel this one coming up: these topics were not my strong point. I'll have to wait until the autumn to find out if I have passed this one. I'll let you know.

A while back I had the problem that my CRS information was lost . Now I had found that when I did a crs_start of the component I received the following error: CRS-0254 authorization failure Some investigation showed that the problem was related to the fact that the component was not owned by the oracle user. Using crs_getperm ora.ORCL.db showed the problem. oracle@myhost:/opt/oracle/crs/bin>./crs_getperm ora.ORCL.db Name: ora.ORCL.db owner:root:rwx,pgrp:system:r-x,other::r--, This can be solved by doing the following: crs_setperm ora.ORCL.db -o oracle crs_setperm ora.ORCL.db -g dba Now it works again. cu Andreas

Recently I was busy with the mod_oc4j clustering of two standalone OHS machines. As Oracle has integrated ONS into OC4J in 10.1.3.x you have to provide your own ons.conf file (just copy one from a 10.1.2.0.2 environment). But what happend to me was strange. I added a new node (machine_C.mydomain.local) while I removed another one (machine_A.mydomain.local). However getting the opmnctl status @farm still showed the machine_A in the list. Some investigation delivered the following: In the directory $ORACLE_HOME\opmn\logs\states two entries do exist: .opmndat p12345678 When you shutdown the OPMN the p* file will disappear. However the .opmndat file will remain there. Remove it, it will be rebuild with the next opmnctl startall. Now my machine_A.mydomain.local was gone and the machine_C showed up. cu Andreas

Almost everbody knows how to create backups of the controlfile. Usually a alter database backup controlfile to trace; is used . And now for the 64000$ question: Which information is not backed up by this command? The answer is: THE BACKUP RECORDS! In order to prevent the loss of this information you can better use the following command: alter database backup controlfile to '/a_real/location/inyour/system';

In order to get the routing ID that is used within OPMN issue the following command: opmnctl status -app -l Applications in Instance: as1013 application type: OC4J -----+------------+---------+---------+----------+-------------+-------- pid | name | state | rtid | routable | appctx | parent -----+------------+---------+---------+----------+-------------+-------- 3184 | system | started | g_rt_id | true | | 3184 | default | started | g_rt_id | true |/.rmiTunnel| system 3184 | DaonEngine | started | g_rt_id | true | | default 3184 | ascontrol | stopped | g_rt_id | true | | 2852 | system | started | g_rt_id | true | | 2852 | default | started | g_rt_id | true | /.rmiTunnel | system 2852 | bc4j | started | g_rt_id | true | ...