Monday, July 3, 2023

Oracle SQL Developer and JDK

After Oracle SQL Developer was installed (without including JDK in the pack) on my new laptop, its first launch creates file C:\Users\user_ID\AppData\Roaming\sqldeveloper\product.conf, which specifies and saves the path of Java. In the first run, it brings up a popup box says "Please specify the path to the Java JDK home (e.g. ... ...)". The correct path has to be entered here for SQL Developer to fire up. On my laptop, after I click on OK to accept default path C:\Program Files (x86)\Java\jdk18, the popup box goes away. Then nothing shows up and it seems at a dead end.

During troubleshooting, I learned my laptop has two Java installation locations, which leads some confusion. The one in C:\Program Files\Java\jdk18 is a 64-bit that was requested and installed for being used by SQL Developer. SQL Developer installed is a 64-bit application and needs 64-bit Java. After I entered C:\Program Files\Java\jdk18 in the popup box, SQL Developer 21.4.3 worked and the Properties info can be viewed by Help -> About.

It the first launch, it asks if you want to import preference from previous version. I copied over folder C:\Users\user_ID\AppData\Roaming\SQL Developer\system20.4.1.407.0006 from my old laptop, and let import copy SQL Developer setups from old computer. It keeps all database connections (ID & password). This is exactly what I want.

SQL Developer connection info is saved in location C:\Users\user_ID\AppData\Roaming\SQL Developer\systemX.X.X.X.X\o.jdeveloper.db.connection\connections. It is a good practice to back it up from time to time.

-- How to fine JAVA HOME and Java info on Windows?

On the Windows machine, use "cmd" window. 

Microsoft Windows [Version 10.0.19044.3324]
(c) Microsoft Corporation. All rights reserved.

c:\> echo %JAVA_HOME%
C:\Program Files\Java\jdk18;C:\Program Files (x86)\Java\jdk18

It shows two Java installations. The one in C:\Program Files\Java\jdk18 is a 64-bit,

c:\>cd \Program Files\Java
c:\Program Files\Java>dir
 ... ...
08/14/2023  09:21 AM    <DIR>          jdk18
08/14/2023  09:12 AM    <DIR>          jre8

c:\Program Files\Java>cd jdk18
c:\Program Files\Java\jdk18>dir /A:D
... ...
08/14/2023  09:21 AM    <DIR>          bin
08/14/2023  09:21 AM    <DIR>          include
08/14/2023  09:21 AM    <DIR>          jre
08/14/2023  09:21 AM    <DIR>          legal
08/14/2023  09:21 AM    <DIR>          lib

c:\Program Files\Java\jdk18>cd bin
c:\Program Files\Java\jdk18\bin>java.exe -version
java version "1.8.0_281"
Java(TM) SE Runtime Environment (build 1.8.0_281-b09)
Java HotSpot(TM) 64-Bit Server VM (build 25.281-b09, mixed mode)

The JDK in C:\Program Files (x86)\Java\jdk18 is 32-bit.

c:\Program Files\Java\jdk18>cd \Program Files (x86)\Java\jdk18
c:\Program Files (x86)\Java\jdk18>cd bin
c:\Program Files (x86)\Java\jdk18\bin>java -version
java version "1.8.0_281"
Java(TM) SE Runtime Environment (build 1.8.0_281-b09)
Java HotSpot(TM) Client VM (build 25.281-b09, mixed mode)

-- How to find out the Windows is 64-bit or 32-bit?

Go to Start > Settings (a wheel icon) > System > About

System Type: 64-bit operating system, x64-based processor
Posted by at No comments:

Friday, June 9, 2023

How to allow only specific users to access EBS site

During some special time periods, Business management wants to restrict users to access R12.2 EBS website but allow only one or two users to complete some dedicated tasks, such as month-end process. 

Oracle EBS has a way to do that. See Oracle Doc ID 605538.1 (How To Lock Users Out Of E-Business Suite And Allow Specific Users). This only works if EBS website does not have multiple web nodes which may use load balancing (such as F5) in the middle.

Our users use VPN to log onto company's network and PC. After I added below lines to file $IAS_ORACLE_HOME/instances/EBS_web_OHS1/config/OHS/EBS_web/custom.conf and bounced apps services, only users use the two IP addresses can access our EBS site and all other users get "Forbidden oops." message on the login page. 

<Location ~ "/OA_HTML">
Order deny,allow
Deny from all
Allow from 10.55.xxx.92
Allow from 10.53.xxx.134
ErrorDocument 403 "Forbidden oops."
Allow from localhost
</Location>

Use "grep ohs_inst $CONTEXT_FILE" to identify the OHS# (i.e. EBS_web_OHS1) and the location.

If load balancing is used, above method may not work because end-user's IP may not reach EBS server. Other ways can be used to accomplish this but additional work is needed.
1. Create a special Responsibility. Then, disable all other Responsibilities. Only users in the new Responsibility will be able to log into EBS site to do the work.
2. You can disable/enable users in bulk using API. But this will change last_update_date and last_updated_by of table fnd_user, and may become a security auditing concern (specially when we have 57,000+ active users in the system. Huge worry is users' password would still work).
    fnd_user_pkg.disableuser('<username>');
    fnd_user_pkg.enableuser('<username>');
3. Ask internal firewall team to restrict access to the EBS Load Balancer URL to specific IP addresses.
4. Change the Load Balancer port to a temporary port that only will be given to the authorized users, and after the archive process is complete, the port can be switched back to the original port so it becomes available to all users.

An alternative solution is keep running a query to monitor who is using EBS site.

Posted by at No comments:

Friday, May 12, 2023

How to capture HTTP Header information from the client browser

Steps to generate the HAR file for Chrome (Version 112.0.5615.140). It is part of Oracle Doc ID 815734.1 (How to Gather HTTP Header Information From a Client PC)

1.    Open Google Chrome and go to the page (such as EBS login page) where the issue is occurring.
2.    Bring the Chrome menu by clicking on the upper right > More tools > Developer Tools.
3.    From the panel opened at the bottom of your screen, select the Network tab.
4.    Look for a round Record button (Record button) in the upper left corner of the Network tab, and make sure it is red. If it is grey, click it once to start recording.
5.    Check the box next to Preserve log .
6.    Click the Clear button ( Clear button ) to clear out any existing logs from the Network tab.

7.    Now try to reproduce the issue that you were experiencing before, while the network requests are being recorded.
8.    Once you have reproduced the issue, right click anywhere on the grid of network requests, select Save as HAR with Content, and save the file to your computer.
9.    Upload your HAR file to your ticket or attach it to your email so that we may analyze it.


Somehow, during the capture, I do see some menu items are missing from System Administrator responsibility.  

 

Posted by at No comments:

Monday, May 1, 2023

Which EBS server did a user session log into?

Oracle Doc ID 364439.1 (Tips and Queries for Troubleshooting Advanced Topologies) provides a few useful queries. One of them is to tell what server a user logged into.

A query to show and monitor all users who logged to the system within the last hour.

col server_name format a12
col user_name format a30
select
  to_char(first_connect, 'HH24:MI:SS') "TIME",
  user_name,
  decode
   (a.node_id,
   a.node_id,
   (select node_name  
   from fnd_nodes n  
   where a.node_id=n.node_id),a.node_id) server_name
from
  icx_sessions a,
  fnd_user b,
  fnd_nodes svr
where
  first_connect > (sysdate-1/24)
  and (a.user_id=b.user_id
       and a.node_id=svr.node_id)
  and disabled_flag='N'
order by first_connect;

TIME      USER_NAME         SERVER_NAME
----------- --------------------------- ------------
20:11:21 SYSADMIN          HOSTBE
20:17:53 USER                   HOSTINT
20:19:16 OPERATIONS     HOSTEMT
20:39:21 GUEST                HOSTPC8  (did not login, hit "forgot password")
Posted by at No comments:

Tuesday, April 25, 2023

Upgrade AD and TXK from Delta 12 to Delta 14 RUPs in R12.2

AD.C.Delta.14 (patch 33600809) and TXK.C.Delta.14 (patch 33602997) are pre-requisite for January 2023 CPU patches (see Doc ID 2916871.1). We have to apply them before that CPU patch set can be applied to R12.2 instance.

Oracle document ID 1617461.1 (Applying the Latest AD and TXK Release Update Packs to Oracle E-Business Suite Release 12.2) gives details on how to apply the latest Oracle Applications DBA (AD) and Oracle E-Business Suite Technology Stack (TXK) release update packs (RUPs) to EBS R12.2. I performed below steps to upgrade them to delta 14 from delta 12 in my instances where existing package levels are:
R12.AD.C.Delta.12
R12.TXK.C.Delta.12
R12.ATG_PF.C.delta.9 (30399994)

1. DBA runs the latest version of ETCC (via Patch 17537119), and ensure all required database objects by the Delta 14 RUP installation process will be found. One of recent database PSU patches will help to achieve this.

The following optimizer parameter should always be set to a value of TRUE:
_disable_actualization_for_grant=true

2. Pre-step: download all .zip files and unzip them to $PATCH_TOP (or an alternation folder) of all nodes. Then, DBA runs $PATCH_TOP/34669333/admin/adgrants.sql as SYSDBA

AD critical patch 34669333 has the latest adgrants.sql, as of now. Please read the instruction in the file before run it.

$ grep Header $PATCH_TOP/34669333/admin/adgrants.sql
REM $Header: adgrants.sql 120.67.12020000.123 2022/09/30 21:13:17 jwsmith ship $

3. Verify new db account ebs_system. 
adgrants.sql creates new database account ebs_system. Unlock it and change its password to be the same as SYSTEM's password (if it has not been done yet). 
$ sqlplus system/systemPWD
SQL> alter user ebs_system account unlock;
SQL> alter user ebs_system identified by systemPWD;
SQL> conn ebs_system/systemPWD

4. Run the validation script
$ perl $PATCH_TOP/33600809/ad/bin/adValidateEbssystemSchema.pl

Enter the APPS password:
Enter the SYSTEM password:
Validating APPS credentials...validated successfully
Validating SYSTEM credentials...validated successfully
Validating EBS_SYSTEM user
ebssys entity is not registered
All required validations completed successfully

5. Optional: Validate adop, and stop all services (if use downtime mode to apply the patch)
$ adop -validate
$ adop -status

$ cd $ADMIN_SCRIPTS_HOME
$ ./adadminsrvctl.sh stop
$ ./adnodemgrctl.sh stop

$ ps -ef | grep $LOGNAME

6. Apply AD.C.Delta.14 patch, plus 3 critical patches, by running below line on primary mode. I used downtime mode to apply them.

$ adop phase=apply apply_mode=downtime patches=33600809,34668508,34669333,34681299 merge=yes patchtop=$PATCH_TOP

Enter the APPS password:
Enter the SYSTEM password:
Enter the WLSADMIN password:

If patching gets error, most likely there is a problem with something else. Confirm 4 patches were applied to all nodes:
SQL> SELECT adb.bug_number, aas.name appl_top_name, adb.creation_date, adb.language,
decode(ad_patch.is_patch_applied('R12',aas.appl_top_id,adb.bug_number,adb.language),'EXPLICIT','APPLIED','NOT_APPLIED','NOT APPLIED') status
FROM ad_bugs adb,
(select distinct appltop_id appl_top_id, node_name name from ad_adop_sessions 
           where node_name in (select node_name from ADOP_VALID_NODES) ) aas
where adb.bug_number in (
'33600809',
'34668508',
'34669333',
'34681299'
) order by creation_date desc, adb.bug_number,aas.name,adb.language;

UPDATE in July 2023: patch 35280947 was added as a AD critical patch in the document. When they were applied to an instance with one single node, the adop log is

$ adop phase=apply apply_mode=downtime patches=33600809,34668508,34669333,34681299,35280947 merge=yes patchtop=$PATCH_TOP
... ...
Copying files...
5% complete. Copied 26 files of 519...
10% complete. Copied 52 files of 519...
15% complete. Copied 78 files of 519...
20% complete. Copied 104 files of 519...
25% complete. Copied 130 files of 519...
30% complete. Copied 156 files of 519...
35% complete. Copied 182 files of 519...
40% complete. Copied 208 files of 519...
45% complete. Copied 234 files of 519...
50% complete. Copied 260 files of 519...
55% complete. Copied 286 files of 519...
60% complete. Copied 312 files of 519...
65% complete. Copied 338 files of 519...
70% complete. Copied 364 files of 519...
75% complete. Copied 390 files of 519...
80% complete. Copied 416 files of 519...
85% complete. Copied 442 files of 519...
90% complete. Copied 468 files of 519...
95% complete. Copied 494 files of 519...
100% complete. Copied 519 files of 519...

Character-set converting files...
  5 unified drivers merged.
Patch merge completed successfully

Please check the log file at $ADOP_LOG_HOME/8/20230804_163029/apply/$EBS_HOSTNAME/admrgpch.log.

Applying patch ADOP_MRG_20230804_1691181079:u_ad_3366500462.drv.
    Log: $ADOP_LOG_HOME/8/20230804_163029/apply/$EBS_HOSTNAME/ADOP_MRG_20230804_1691181079/log/u_ad_3366500462.log

Running finalize actions for the patches being applied.
    Log: @ADZDSHOWLOG.sql "2023/08/04 16:36:47"

Running cutover actions for the patches being applied.
    Creating workers to process cutover DDL in parallel
    Log: $ADOP_LOG_HOME/8/20230804_163029/apply/$EBS_HOSTNAME/log/cutover.log
    Performing database cutover in Quick mode

Generating post apply reports.

Generating log report.
    Output: $ADOP_LOG_HOME/8/20230804_163029/apply/$EBS_HOSTNAME/adzdshowlog.out

The apply phase completed successfully.
adop exiting with status = 0 (Success)

7. Apply TXK.C.Delta.14 patch, plus 2 critical patches, by below line on primary mode. Note it now asks for EBS_SYSTEM password.

$ adop phase=apply apply_mode=downtime patches=33602997,34708635,34654260 merge=yes patchtop=$PATCH_TOP

Enter the APPS password:
Enter the EBS_SYSTEM password:
Enter the WLSADMIN password:

Confirm 3 patches were applied successfully:
SQL> SELECT adb.bug_number, aas.name appl_top_name, adb.creation_date, adb.language,
decode(ad_patch.is_patch_applied('R12',aas.appl_top_id,adb.bug_number,adb.language),'EXPLICIT','APPLIED','NOT_APPLIED','NOT APPLIED') status
FROM ad_bugs adb,
(select distinct appltop_id appl_top_id, node_name name from ad_adop_sessions 
           where node_name in (select node_name from ADOP_VALID_NODES) ) aas
where adb.bug_number in (
'33602997',
'34708635',
'34654260'
) order by creation_date desc, adb.bug_number,aas.name,adb.language;

8. Post steps
$ perl $AD_TOP/bin/admkappsutil.pl
$ cp -p $INST_TOP/admin/out/appsutil.zip $APPLPTMP

$ Autoconfig on db node
$ Autoconfig on all apps nodes

9. Start Apps services
$ ./adstrtal.sh apps/aapsPWD -mode=allnodes

10. After the instance was verified and checked out, run FS_CLONE to sync the file systems.

NOTES: adgrants.sql from patch 34669333 makes important changes in database. During above patching, it is copied to $APPL_TOP/admin as the current one. Below is its log by SYSDBA: 

Current user is SYS
------------------------------------------------------------
--- adgrants.sql started at 2023-04-20 11:15:11 ---
------------------------------------------------------------
Removing logs from prior runs of adgrants.sql
-
Start granting from SYS to EBS_SYSTEM
-
End granting from SYS to EBS_SYSTEM
Completed granting and checking privileges
Generating list of ERRORS and WARNINGS to print out
PRINT_ERROR
---------------------
:current_user

CURRENT_USER
-----------------------------------------------------------------------------------------
SYS user ERRORS and WARNINGS will report at end of script
to print out
CURRENT_USER
-----------------------------------------------------------------------------------------
SYS user ERRORS and WARNINGS will report at end of script
Creating PL/SQL profiler objects.
---------------------------------------------------------------
--- profload.sql started at 2023-04-25 11:15:14 ---

In 12.2c and beyond, the Oracle-supplied profload.sql script is a verification script, not an installation script.
Testing for correct installation
SYS.DBMS_PROFILER successfully loaded.
-----------------------------------------------------
--- profload.sql completed at 2023-04-25 11:15:16 ---
--------------------------------------------------
--- proftab.sql started at 2023-04-25 11:15:16 ---
-----------------------------------------------------
--- profltab.sql completed at 2023-04-25 11:15:18 ---

Installing Hierarchical Profiler.
-
Loading Stylesheets if missing
Begin creating the AD_ZD_SYS package
End creating the AD_ZD_SYS package
Executing PURGE DBA_RECYCLEBIN.
The following ERRORS and WARNINGS have been encountered during this adgrants session:
Grants given by this script have been written to the ad_zd_logs table.
You can run $AD_TOP/sql/ADZDSHOWLOG.sql to produce a report showing these grants.

Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.18.0.0.0
Started at 2023-04-25 11:15:14 ---

In 12.2c and beyond, the Oracle-supplied profload.sql script is a verification script, not an installation script.
Testing for correct installation
SYS.DBMS_PROFILER successfully loaded.
-----------------------------------------------------
--- profload.sql completed at 2023-04-25 11:15:16 ---
--------------------------------------------------
--- proftab.sql started at 2023-04-25 11:15:16 ---
-----------------------------------------------------
--- profltab.sql completed at 2023-04-25 11:15:18 ---

Installing Hierarchical Profiler.

HPTAB_SCRIPT
---------------------------
?/rdbms/admin/nothing.sql
-
Loading Stylesheets if missing
PACKAGE_NAME
------------------------
AD_ZD_SYS
Begin creating the AD_ZD_SYS package
End creating the AD_ZD_SYS package
Executing PURGE DBA_RECYCLEBIN.
The following ERRORS and WARNINGS have been encountered during this adgrants session:
Grants given by this script have been written to the ad_zd_logs table.
You can run $AD_TOP/sql/ADZDSHOWLOG.sql to produce a report showing these grants.

Posted by at No comments:
Subscribe to: Comments (Atom)