install_ojvmwcu.sql and “Enter value for 1:”

In the Oracle JVM Web Services Call-Out Utility Developer’s guide, it states that the install_ojvmwcu.sql script must be run, but if you do that, it will ask you for a value. Which value?

In 12.2.0.1 the script has been changed, but the documentation hasn’t. The value it is asking for is a password, the password of the OJVMWCU_INSTALL user. Hang on? According to the docs this user must be created manualy first… not any more.

The “install_ojvmwcu.sql” calls “@configure_ojvmwcu.sql &1”, that’s where the “Enter value for 1:” comes from.
The “configure_ojvmwcu.sql” contains:

install_schema  VARCHAR2(20) := 'OJVMWCU_INSTALL';
...

procedure create_user as
  user_exists integer := 0;
begin
  select count(1) into user_exists from dba_users where username = install_schema;
  if user_exists != 0 then
    execute immediate 'drop user ' || install_schema || ' cascade';
  end if;
  execute immediate 'create user ' || install_schema || ' identified by &1';
...

Aha! The &1 the password of the OJVMWCU_INSTALL user, if it’s there it will be dropped and it will be created.

So, run “install_ojvmwcu.sql  password” for installing and creating the OJVMWCU_INSTALL user automagically. After that, grant users with “@grant_ojvmwcu.sql  user”.

Oh, run an “utlrp” (recompile invalid objects) after running the install_ojvmwcu.sql script.

Happy installing.

ODA upgrade to 12.2 fails with [DCS-10001:Internal error encountered: Fail to run root scripts..]

During an upgrade to 12.2.1.4 and in the step running GRID root scripts, the upgrade fails with:

[DCS-10001:Internal error encountered: Fail to run root scripts..]

After that if you run the upgrade again, you will get the following error:

[DCS-10001:Internal error encountered: Fail to extract the GI clone file.]

When I got there error’s, I found in the logging (/u01/app/12.2.0.1/grid/install/root_<host_name>_<date>_<time>-<more_numbers>.log) that there was no PKI trust set up between the ODA and ‘itself’ (aka passwordless login). The Oracle GRID upgrade works by accessing all the nodes in it’s cluster via ssh, including itself. But This was a single (non HA) machine (X6-2M), so did not expect it. Continue reading

ORA-13785: missing target object for tuning task “SYS_AUTO_SPM_EVOLVE_TASK”

A small walkthrough in ‘clearing’ the ORA-13785 error. This might be in the alert log or when you run DBMS_SPM.REPORT_AUTO_EVOLVE_TASK without and object ID. It probably defaults with object ID ‘1’, which is the last run evolve task(?).

The ‘SYS_AUTO_SPM_EVOLVE_TASK’ ‘root object ID’ (I’m not sure if it is called like this) seemed missing, adding it and resetting and resuming SPM resolved the error. This is all done with trial and error, cross checking a working 12c database and a lot of common sence. BACKUP FIRST! It also includes ‘recreating’ the ‘root object ID’ for ‘SYS_AUTO_SQL_TUNING_TASK’ which I found also missing. Continue reading

Oracle native connection encryption (in WebLogic Connection Pools)

Wallets for encrypting database connections? No, not any more…!

When you want to encrypt your client connections to the database, one used to create Oracle Wallets. With an Oracle wallet you run ‘SQL*Net over an SSL connection’. Your tcp connection will be transformed to tcps.

This is not necessary if you easily want to encrypt all your connections to the database. You do not use tcps, you still use tcp, but you encrypt SQL*Net traffic, which is a different approach.

If you use “Native Oracle Net Services encryption and integrity”, you can encrypt all SQL*Net traffic from a client, for all connections to a database and it’s even also configurable per WebLogic Connection Pool. Continue reading

Authenticate Oracle 12c database users against Active Directory

Following is tested with Oracle 12.1 on Linux 6 (on Exadata) and a Windows 10 client.

“Yet another blog on how to authenticate database users against Active Director using Kerberos…”

I have read and tried a view blogs on how to get this done, but somehow I have found them a bit limited because they talk about a simple configuration with one database on one host. When you have to deal with multiple hosts and multiple databases per host, you need to take some things into account.

Lets start with some explanations, a walk through is below that.
Continue reading

SQLNET.KERBEROS5_CONF_MIT : Unsupported Parameter in 12.1

https://docs.oracle.com/database/121/NETRF/changes_rf.htm#NETRF2100

  • Unsupported ParametersThe following parameters are no longer supported:
    • SQLNET.KERBEROS5_CONF_MIT

No it’s not!

If you leave it out, you will get:

Password for airell@[logging]:

In stead of:

Password for airell@DOMAIN.LOCAL:

If you leave it out, one must not use the MIT layout… but where is the non-MIT layout described? It looks like the domain must be present on the first line of the file… for now, I will still use the MIT layout.

Cheers!

 

Enabling Oracle 12c direct NFS client on Windows

Yes, enabling the Oracle 12c direct NFS client on Windows and it is documented, but I didn’t get changed on Oracle Support (I have send an improvement request for Doc ID 1468114.1)…

One needs to run ‘%ORACLE_HOME%\bin\enable_dnfs.bat’ now, which does NOT copy the ‘oranfsodm12.dll’ over the ‘oraodm12.dll’, but it copies the ‘oranfsodm12.dll’ to the ‘%ORACLE_HOME%\rdbms\lib\odm\’ directory!

After the file has been copied and Oracle is restarted, the [Oracle instance running with ODM: Oracle Direct NFS ODM Library Version 3.0] line in the alert.log is shown!

Enabling Direct NFS Client – documentation

Oracle Database Installation Guide for Microsoft Windows – Oracle Database Postinstallation Tasks – 7.5.1.5 Enabling Direct NFS Client: http://docs.oracle.com/database/121/NTDBI/postcfg.htm#CHDFGFDC

ps. on Windows the supported ‘nfs_version’ is still NFSv3 :(

ORA-28040: No matching authentication protocol – SQLNET.ALLOWED_LOGON_VERSION_SERVER

Ah, an old client is trying to connect to Oracle 12c (presumably)… ;)
Also “ORA-03134: Connections to this server version are no longer supported” can occur.

This actually implies that the authentication protocols use between client and server do not match. In Oracle 12c, the authentication protocol uses SHA-2 encryption algorithm by default, where older clients use SHA-1. So when an older client is used with defaults, the server will not accept the connection.

The best option would be upgrading the client, but when older dll’s are used (like ojdbc14.jar and you can not change this), this is a problem. The database instance can be told to accept older clients and use the older SHA-1 encryption algorithm.

SQLNET.ALLOWED_LOGON_VERSION_SERVER

Continue reading

Data Guard 12c: Warning: standby redo logs not configured for thread 1, Insufficient SRLs

Well, I have configured some 30 ‘Data Guards’ by now, but I never came across this warning, it seems it’s new in 12c:

DGMGRL> validate database cdb1dgsara

  Database Role:     Physical standby database
  Primary Database:  cdb1dgkara

  Ready for Switchover:  Yes
  Ready for Failover:    Yes (Primary Running)

  Future Log File Groups Configuration:
    Thread #  Online Redo Log Groups  Standby Redo Log Groups Status
              (cdb1dgkara)            (cdb1dgsara)
    1         3                       2                       Insufficient SRLs
    Warning: standby redo logs not configured for thread 1 on cdb1dgsara

Hang on, standby redo logs not configured? I have 4 groups! Continue reading

Oracle 12c installation will fail: Error in invoking target ‘irman ioracle’

During the installation of Oracle 12c (12.1) I encountered the following error:

Error in invoking target 'irman ioracle' of makefile
    '/u01/app/oracle/product/12.1.0/dbhome_1/rdbms/lib/ins_rdbms.mk'.
See '/u01/app/oraInventory/logs/installActions2015(...).log' for details.

Inside the logfile the following error is encountered:

INFO: collect2: ld terminated with signal 9 [Killed]

According to metalink doc 2040972.1 this is due to less memory available (in a VM environment). Continue reading