HEMESH ORAWORLD: March 2011

Thursday 31 March 2011

TNS-12541,12560,00511, LINUX ERROR: 111: Connection refused

[oracle@testbox admin]$ lsnrctl status

LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 31-MAR-2011 10:15:30

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=testbox.localdomain)(PORT=1522)))

TNS-12541: TNS:no listener

TNS-12560: TNS:protocol adapter error

TNS-00511: No listener

Linux Error: 111: Connection refused

[oracle@testbox admin]$ lsnrctl start

LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 31-MAR-2011 10:15:40

Starting /u01/app/oracle/product/10.2.0/db_1/bin/tnslsnr: please wait...

TNS-12537: TNS:connection closed

TNS-12560: TNS:protocol adapter error

TNS-00507: Connection closed

Linux Error: 29: Illegal seek

-------------------------------------------------------

Amend /etc/hosts as below

[oracle@testbox admin]$ cat /etc/hosts

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1 localhost

192.168.0.138 testbox.localdomain testbox

#::1 localhost6.localdomain6 localhost6

--------------------------------------------------------

[oracle@testbox admin]$ lsnrctl status

LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 31-MAR-2011 10:21:36

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=testbox.localdomain)(PORT=1522)))

STATUS of the LISTENER

------------------------

Alias LISTENER

Version TNSLSNR for Linux: Version 10.2.0.1.0 - Production

Start Date 31-MAR-2011 10:21:12

Uptime 0 days 0 hr. 0 min. 24 sec

Trace Level off

Security ON: Local OS Authentication

SNMP OFF

Listener Parameter File /u01/app/oracle/product/10.2.0/db_1/network/admin/listener.ora

Listener Log File /u01/app/oracle/product/10.2.0/db_1/network/log/listener.log

Listening Endpoints Summary...

(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=testbox.localdomain)(PORT=1522)))

Services Summary...

Service "fwlive.testbox.localdomain" has 1 instance(s).

Instance "fwlive", status UNKNOWN, has 1 handler(s) for this service...

The command completed successfully

Wednesday 30 March 2011

Oracle Validated Configuration RPM for OEL5

root@OEL5# ls -l /etc/yum.repos.d

total 0

yum repolist all reports all available repositories and their statuses.

[root@OEL5 yum.repos.d]# yum repolist all

Loaded plugins: security
repo id repo name status
el5_addons Enterprise Linux 5 – i386 – addons disabled
el5_ga_base Enterprise Linux 5 GA – i386 – base disabled
el5_oracle_addons Enterprise Linux 5 – i386 – oracle_addon disabled
el5_u1_base Enterprise Linux 5 U1 – i386 – base disabled
el5_u2_base Enterprise Linux 5 U2 – i386 – base disabled
el5_u3_base Enterprise Linux 5 U3 – i386 – base disabled
el5_u4_base Enterprise Linux 5 U4 – i386 – base disabled
repolist: 0
[root@OEL5 yum.repos.d]#

root@OEL5# cd /etc/yum.repos.d

http://public-yum.oracle.com/

root@OEL5# wget http://public-yum.oracle.com/public-yum-el5.repo

a file named “public-yum-el5.repo” will be saved to /etc/yum.repos.d

Open public-yum-el5.repo in a text editor(vi or gedit)

Locate the section in the file for the repository you plan to update from, e.g. [el5_ga_base]

Change enabled=0 to enabled=1

I changed enabled=0 to enabled=1 in el5_ga_base and the status changed from disabled to enabled.

You can even change enabled=1 for all repositories but the usual claim is that with many repositories

enabled there might be conflicts between repositories while searching for rpms.

Till date I have not faced any problems with all my repositories enabled.

[root@OEL5 yum.repos.d]# yum repolist all
Loaded plugins: security
repo id repo name status
el5_addons Enterprise Linux 5 – i386 – addons disabled
el5_ga_base Enterprise Linux 5 GA – i386 – base enabled: 3,204
el5_oracle_addons Enterprise Linux 5 – i386 – oracle_addon disabled
el5_u1_base Enterprise Linux 5 U1 – i386 – base disabled
el5_u2_base Enterprise Linux 5 U2 – i386 – base disabled
el5_u3_base Enterprise Linux 5 U3 – i386 – base disabled
el5_u4_base Enterprise Linux 5 U4 – i386 – base disabled
repolist: 3,204
[root@OEL5 yum.repos.d]#

[root@dhcppc4 yum.repos.d]# yum install oracle-validated

[root@localhost Server]# pwd

/media/Enterprise Linux dvd 20090908/Server

[root@localhost Server]# yum install ./oracle-validated-1.0.0-18.el5.i

Tuesday 29 March 2011

Install Oracle Database 10.2.0.4 on Windows 7

Yes you can.

You need to amend below lines in "\database\stage\prereq\db\refhost.xml" file.

...........................................

........................................

And Also

You need to tweak the file oraparam.ini in "\database\install" directory.

There are at least two lines you either need to add or change. The first is

Windows=5.0,5.1,5.2,6.0,6.1

I added the 6.1

Next is

[Windows-6.1-optional]

I added that below

[Windows-6.0-optional]

Setup will now run. During the install you will get a warning about the OS version but you can "OK" your way through it. Here is the entire contents of the file after changes

[Oracle]
DISTRIBUTION=TRUE
SOURCE=../stage/products.xml
LICENSE_LOCATION=
JRE_LOCATION=../stage/Components/oracle.swd.jre/1.5.0.11.0/1/DataFiles
JRE_MEMORY_OPTIONS=" -mx192m"
DEFAULT_HOME_LOCATION=oracle\product\10.2.0\db
DEFAULT_HOME_NAME=OraDb10g_home
NO_BROWSE=/net
NLS_ENABLED=TRUE
BOOTSTRAP=TRUE
OUI_VERSION=10.2.0.4.0
ADDITIONAL_COMPONENTS={"oracle.sysman.ccr:ALWAYS","oracle.rdbms.rat:ALWAYS","oracle.jdk:UPGRADE","oracle.swd.jre:UPGRADE"}
## JRE_VERSION is only for Windows. This is to copy accessbridge dlls
JRE_VERSION=1.5.0
#SHOW_HOSTNAME=ALWAYS_SHOW shows the hostname panel always
#SHOW_HOSTNAME=NEVER_SHOW does not the hostname panel
#SHOW_HOSTNAME=CONDITION_SHOW shows the hostname panel on condition
SHOW_HOSTNAME=NEVER_SHOW
#THIN_JDBC_FILENAME is optional and defaults to classes12.jar
#The value specified for this should be packaged with OUI, and should
#be relative to /jlib/
THIN_JDBC_FILENAME=classes12.jar
#RUN_OUICA specifies the batch script name that needs to be run
#The script is ouica.bat for win32, and ouica.sh for solaris.
#If the value is not specified, then the OUICA script is not run
RUN_OUICA=ouica.bat
CLUSTERWARE={"oracle.crs","10.1.0.2.0"}
SILENT_VARIABLE_VALIDATION=TRUE

[Certified Versions]
#You can customise error message shown for failure, provide value for CERTIFIED_VERSION_FAILURE_MESSAGE
Windows=5.0,5.1,5.2,6.0,6.1

#Windows 2000 use winver.exe to find version
[Windows-5.0-required]
#Minimum display colours for OUI to run
MIN_DISPLAY_COLORS=256
#Minimum CPU speed required for OUI
#CPU=300

[Windows-5.0-optional]

#Windows XP use winver.exe to find version
[Windows-5.1-required]
#Minimum display colours for OUI to run
MIN_DISPLAY_COLORS=256
#Minimum CPU speed required for OUI
#CPU=300

[Windows-5.1-optional]

#Windows .net use winver.exe to find version
[Windows-5.2-required]
#Minimum display colours for OUI to run
MIN_DISPLAY_COLORS=256
#Minimum CPU speed required for OUI
#CPU=300

[Windows-5.2-optional]

[Windows-6.0-required]
#Minimum display colours for OUI to run
MIN_DISPLAY_COLORS=256
#Minimum CPU speed required for OUI
#CPU=300

[Windows-6.0-optional]

[Windows-6.1-optional]

[IMAGES]
FILE1=images/rdbms_1.gif
FILE2=images/rdbms_2.gif
FILE3=images/rdbms_3.gif
FILE4=images/rdbms_4.gif
FILE5=images/rdbms_5.gif
FILE6=images/rdbms_6.gif
FILE7=images/rdbms_7.gif
FILE8=images/rdbms_8.gif

LICENSE_LOCATION=license.txt

Edited by: 835955 on Feb 11, 2011 6:51 AM

Monday 28 March 2011

RMAN Backup Time remaining

To see what RMAN is doing now, and see what SID is doing what sort of work, and how much it has got left to do, use the following SQL. This script is good when you are trying to see how much work an RMAN Channels have got left to do. It is good to watch with the RMAN backup script log (tail -f) as the backup is hapenning. For both scripts you have to lonig as SYSDBA on the instance where the BACKUP
is or RESTORE hapenning.



select

sid,

start_time,

totalwork,

sofar,

(sofar/totalwork) * 100 pct_done

from

v$session_longops

where totalwork > sofar

AND opname NOT LIKE '%aggregate%'

AND opname like 'RMAN%'

/



SID        START_TIM  TOTALWORK      SOFAR   PCT_DONE

---------- --------- ---------- ---------- ----------

     100 27-OCT-08    1554952    1364978 87.7826454

To watch the success or failure of an RMAN job in the past, or even when it is hapenning, you can use the dynamic v$ view v$rman_status. The following query will show you a history of your BACKUP and RESTORE operations. By changing the where start_time > sysdate -1 clause you control how much in the past you want to look at. I am using this on Oracle 10g, I don't know if it is available on Oracle 9i and before.



select to_char(start_time, 'dd-mon-yyyy@hh24:mi:ss') "Date",

status,

operation,

mbytes_processed

from v$rman_status vs

where start_time >  sysdate -1

order by start_time

/



Date                 STATUS                  OPERATION                         MBYTES_PROCESSED

-------------------- ----------------------- --------------------------------- ----------------

27-oct-2008@11:40:11 FAILED                  RMAN                                             0

27-oct-2008@11:40:29 COMPLETED               BACKUP                                       11812

27-oct-2008@12:06:30 COMPLETED               BACKUP                                       23112

27-oct-2008@12:41:45 COMPLETED               BACKUP                                         160

27-oct-2008@12:42:28 FAILED                  CONTROL FILE AUTOBACKUP                          0

27-oct-2008@17:24:28 RUNNING                 RMAN                                             0

27-oct-2008@17:24:43 COMPLETED               DELETE                                           0

27-oct-2008@17:24:51 COMPLETED               CATALOG                                          0

27-oct-2008@17:25:16 RUNNING                 RESTORE                                  22082.875

Tuesday 22 March 2011

OTN Discussion Forums : Restore Oracle VM Manager with no ...

OTN Discussion Forums : Restore Oracle VM Manager with no ...: "Restore Oracle VM Manager with no backup?"

Backup and Restoring Oracle VM Manager on a different server

In today’s topic, I’d like to discuss the process of backing up and restoring your Oracle VM Manager. Since the Oracle VM Manager is used to manage all your virtual machines and virtual machine resources, I thought it would be a good exercise to discuss the step-by-step process on backing up and restoring the OVM Manager environment. It is crucial to make backups of your Oracle VM Manager to ensure that you don’t lose any data from the Oracle VM Manager repository database that could cause you a headache in having to actively restore each virtual machine to a new Oracle VM Manager, one by one (not a fun exercise). The good news is Oracle has made the backup-restore process quite easy. In the example below, I will be backing up my original Oracle VM Manager, and restoring the content from my old server it into a new server all that has a fresh install of Oracle VM Manager.

Prerequisites:

1) Ensure all your Oracle VM Servers are actively running.

2) Install a fresh copy Oracle VM Manager on your new server

Steps to backup your Oracle VM Manager environment:

1) Login to the Oracle VM Manager as a user with root privileges i.e. root.

2) As root user, backup the existing Oracle VM Manager using the command:

# sh /opt/ovs-manager-2.2/bin/backup.sh

3) The script will prompt you with two options: backup the OVM Manager or restore the OVM Manager. Please ensure to select backup.

4) Once you have selected to backup your Oracle VM Manager, you will be promoted few more questions to save your dump and log files to a destination of your choice. The screen will look as follows:

Back up data now ...

Please enter the password for database account 'OVS':

Please specify the path for dump file?

Please specify the path for log file?

5) Congratulations! Oracle VM Manager was successfully backed up.

Restoring Oracle VM Manager to the existing host:

The process of restoring your Oracle VM Manager is as simple as backing up your Oracle VM Manager. In this example, I’ll show how to restore your backup copy from your old Oracle VM Manager to your new Oracle VM Manager.

1) Copy the dump files and log files from your existing Oracle VM Manager to your new Oracle VM Manager. This can be easily done using the scp command. Example:

scp ovs.dmp host_ip_of_new_OVM_Manager:/tmp/

2) Stop the oc4j service on the old Oracle VM Manager using the command:

service oc4j stop

3) Shutdown the old Oracle VM Manager repository database as oracle user. (NOTE: While this step is not necessary, however I felt it was a good precautionary measure to take and decided shutdown my database).

export ORACLE_HOME='/usr/lib/oracle/xe/app/oracle/product/10.2.0/server'

export ORACLE_SID=XE

$ORACLE_HOME/bin/sqlplus / as sysdba;

SQL> shutdown immediate;

SQL> quit

4) On the new freshly installed Oracle VM Manager server, stop the oc4j service via command:

service oc4j stop

5) Now we will restore the data from our existing Oracle VM Manager to our new Oracle VM Manager using the same backup.sh script. As the root user, type the following command:

# sh /opt/ovs-manager-2.2/bin/backup.sh

6) The script will prompt you with two options: backup the OVM Manager or restore the OVM Manager. Please ensure to select restore.

7) Once you have selected to restore your Oracle VM Manager, you will be promoted few more questions to restore your data using the dump and log files you copied from your existing Oracle VM Manager. The screen will look as follows:

Restore data now ...

Please enter the password for database account 'SYS':

Please enter the path and filename for the dump file (eg /tmp/ovs.dmp):

Please enter the path and filename for the log file (eg /tmp/ovs.log):

Import: Release 10.2.0.1.0 - Production on Fri Jul 2 16:31:03 2010

Connected to: Oracle Database 10g Express Edition Release 10.2.0.1.0 – Production

Export file created by EXPORT:V10.02.01 via conventional path

Warning: the objects were exported by OVS, not by you

import done in US7ASCII character set and AL16UTF16 NCHAR character set

import server uses AL32UTF8 character set (possible charset conversion)

. . importing table “OVS_AGENT” 22 rows imported

. . importing table “OVS_ALERT” 0 rows imported

. . importing table “OVS_CATEGORY” 1 rows imported

. . importing table “OVS_CDROM” 5 rows imported

. . importing table “OVS_CDROM_RESOURCE” 0 rows imported

. . importing table “OVS_GROUP” 4 rows imported

. . importing table “OVS_IMG_OS” 0 rows imported

. . importing table “OVS_LOCK” 166 rows imported

. . importing table “OVS_LOG” 6582 rows imported

. . importing table “OVS_MAP” 35 rows imported

. . importing table “OVS_OS_RESOURCE” 18 rows imported

. . importing table “OVS_PARTNER” 0 rows imported

. . importing table “OVS_PREFERRED_SERVER” 0 rows imported

. . importing table “OVS_PRIVILEGE” 4 rows imported

. . importing table “OVS_PRIVILEGE_ROLE” 5 rows imported

. . importing table “OVS_RESOURCE” 0 rows imported

. . importing table “OVS_ROLE” 3 rows imported

. . importing table “OVS_SERVER” 22 rows imported

. . importing table “OVS_SITE” 7 rows imported

. . importing table “OVS_STATISTIC” 22465 rows imported

. . importing table “OVS_SYS_VALUE” 8 rows imported

. . importing table “OVS_TASK” 19 rows imported

. . importing table “OVS_USER” 14 rows imported

. . importing table “OVS_USER_GROUP” 39 rows imported

. . importing table “OVS_USER_ROLE” 14 rows imported

. . importing table “OVS_USER_SITE” 93 rows imported

. . importing table “OVS_VD_IMG” 256 rows imported

. . importing table “OVS_VIRTUAL_DISK” 428 rows imported

. . importing table “OVS_VM_GEN_INFO” 124 rows imported

. . importing table “OVS_VM_IMG” 124 rows imported

. . importing table “OVS_VM_NETWORK” 125 rows imported

. . importing table “OVS_VM_SNAPSHOT” 0 rows imported

Import terminated successfully without warnings.

Done

8 ) Once the import has completed successfully, start the oc4j service on your new Oracle VM Manager using the command:

service oc4j start

9) Congratulations! Oracle VM Manager has been successfully restored on your new Oracle VM Manager.

NOTE: User passwords (including admin) will have the same passwords from your existing Oracle VM Manager. If you installed your fresh Oracle VM Manager and used a different password, once you do the restore it will override your existing password and use the passwords found within the existing Oracle VM manager repository you imported.

Friday 18 March 2011

Revoke SYSDBA from the Users

Revoke SYSDBA priv

select * from v$pwfile_users where sysdba='TRUE';

Thursday 17 March 2011

Block Developers from Different TOOLS

CONNECT / AS SYSDBA;

CREATE OR REPLACE TRIGGER block_tools_from_prod

  AFTER LOGON ON DATABASE

DECLARE

  v_prog sys.v_$session.program%TYPE;

BEGIN

  SELECT program INTO v_prog

    FROM sys.v_$session

  WHERE  audsid = USERENV('SESSIONID')

    AND  audsid != 0  -- Don't Check SYS Connections

    AND  ROWNUM = 1;  -- Parallel processes will have the same AUDSID's

  IF UPPER(v_prog) LIKE '%TOAD%' OR UPPER(v_prog) LIKE '%T.O.A.D%' OR -- Toad

     UPPER(v_prog) LIKE '%SQLNAV%' OR     -- SQL Navigator

     UPPER(v_prog) LIKE '%PLSQLDEV%' OR -- PLSQL Developer

     UPPER(v_prog) LIKE '%BUSOBJ%' OR   -- Business Objects

     UPPER(v_prog) LIKE '%EXCEL%'       -- MS-Excel plug-in

  THEN

     RAISE_APPLICATION_ERROR(-20000, 'Development tools are not allowed here.');

  END IF;

END;

SHOW ERRORS

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________

Object Exported and Imported in Datapump

Original Export and Import

Monday 14 March 2011

RMAN Error Tracing

=== ODM Action Plan ===

1.Please upload the alert.log of target database and the trace file associated to the ORA-600 ksfdabrtcre1 error.

2. Reproduce the issue with rman traces activated as follows:

2.1. Start RMAN in debug mode:
rman target debug trace=rman.trc log=rman.log

2.2 Activate sql traces
rman> set echo on;
rman> sql "alter system set max_dump_file_size=UNLIMITED";
rman> sql "alter session set events ''10046 trace name context forever, level 12''";

2.3 Run your RMAN script.

RMAN> backup backupset completed between 'sysdate-3' and 'sysdate-2' format '/mnt/OracleBackup/XXXXX_20110218_%U.frabak';

2.4. Please upload:
* The trace file in the of the TARGET database related to the 10046 trace
* The files rman.trc and rman.log

Friday 4 March 2011

ORA-29024: Certificate validation failure

Recently we had the pleasure of a last minute emergency replacement of a SSL certificate. I think most IT shops have been there, done that. But the problem is that the replacement renewal certificate didn’t work – now how does one proceed?

1. Something is wrong after replacing SSL certificate on the hardware load balancer. Symptoms – Page not found errors, ORA-29024: Certificate validation failure in the Oracle Application Server logs. Revert to older certificate all is well again. But no time to waste since it expires tomorrow at 18:59 MST. Yeeegads!

2. This is an external CAS ticket server authenticating to an Oracle Database using UTL_HTTP calls. Doing the following select statement as a user with execute privileges on UTL_HTTP also shows the same issue, no matter the URL -

select utl_http.request ('https://hostname.domain/cas/login'

,null,null,null) from dual;

ERROR at line 1: ORA-29273: HTTP request failed

ORA-06512: at "SYS.UTL_HTTP", line 1577

ORA-29024: Certificate validation failure

ORA-06512: at line 1

3. Ok, this is Oracle so I know the Oracle Wallet is involved. It resides on the database server since we apply certificates on the load balancer, your situation may involve an Oracle Wallet on OAS as well. The following select statement checks if the wallet is valid, not corrupt and has the correct password.

select utl_http.request ('https://www.verisign.com/',null,

'file:/etc/ORACLE/WALLETS/oracle','password') from dual;

ERROR at line 1: ORA-29273: HTTP request failed

ORA-06512: at "SYS.UTL_HTTP", line 1577

ORA-29024: Certificate validation failure ORA-06512: at line 1

4. Yeegads again! There is something wrong with the wallet, now how can that be? DBA didn’t change anything, how does replacing a certificate invalidate the wallet? So this is where the Hari Kari starts – I backup the old wallet directory, create a new one wallet in the same location, same password. Still doesn’t work, same error.

Now the document on ‘My Oracle Support” -

Troubleshooting ORA-29024:Certificate Validation Failure

Doc ID: 756978.1

gets me started but I can’t find anything wrong with the wallet. I use both orapki (wallet command line utility) and OWM (gui). There are no problems opening the wallet viewing the chain, etc.

> orapki wallet display -wallet .

Requested Certificates:

User Certificates:

Trusted Certificates:

Subject: CN=GTE CyberTrust Root,O=GTE Corporation,C=US

Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Subject: OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Subject: OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Subject: OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US

Subject: CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

5. The knife goes deeper into the flesh, I am really hurting now. It is 10:00 pm been on the cell phone with other IT personnel involved over 60 minutes (they are supposed to be in my “circle of friends” so hopefully the cell phone bill won’t kill me either). Continue on with the troubleshooting document – ”Both the user and trusted certificates are valid and not expired or revoked” – I don’t have any user certificates…the others seem fine. I have recreated the wallet several times, bounced the database/load balancer/OAS/CAS server each time (can you sense the ”desperation”) because I find in another document

How To Replace An Expired Or Expiring Certificate in Wallet Manager

Doc ID: 303299.1

(why wasn’t this step in the troubleshooting ORA-29024 document?) that you have to “Restart the component that uses the Wallet i.e Webcache, HTTP Server, or Database, as the Wallet is stored in memory and will not be re-read until the component is restarted” . After several hours of testing at least at this point I have determined that the wallet is basically valid because it worked yesterday but not today with the new certificate. But Why?

6. Last step in the document -

"If this error is seen while using with UTL_HTTPS set up than , check :

---> Whether all the certificates of the secure website are there

in the wallet and the certificate chain is complete."

Well that may be the issue, checking back with the network guy who ordered the replacement cert, he seemed to think the certificate was slightly different than last time. We had double-checked it’s validity by viewing it with several browsers. At this point everyone went home, I entered an Oracle SR (since the database wasn’t down I knew there wouldn’t be a quick response), programmer guy emailed his CAS colleagues, network guy entered an emergency support request through Verisign.

7. The next morning I started check ing Verisign’s website, programmer guy mentioned he thought it might be a chaining issue…possibly a new or updated intermediate certificate was needed. The knife was still in deep which had made it hard to sleep. Next morning network guy says definitely a new intermediate certificate was needed according to Verisign…checking Verisign’s website there are several. You will need your certificate order number to get the right one. Verisign support had attached it in the support request.

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657&actp=LIST (Verisign Intermediate CA Certificates)

8. How to install this intermediate certificate? Easiest way is to use the orapki utility. Previous hari kari work with intermediate certificates gave me the knowledge that Oracle was “picky” with certificates and that the intermediate certificate needed to be named ca.crt to work. I renamed the file (transferred in binary format) to ca.crt put it in the /etc/ORACLE/WALLETS/oracle location. But we aren’t finished yet. It won’t import, it just gives me an error unable to open wallet . I give it the full path, still same error.

Yeegads! OOmph! Ok…I had just imported the intermediate certificate into a non-production instance and got it working. Why is production giving me grief?

9. I backed up (moved) the old wallet, more slice and dice. There are several directories with old wallets…none of them worked for the new certificate during the previous night’s testing but they all worked with the old certificate but none of them would let me import the intermediate certificate. AAgh! Created a new wallet, I used a different command-line utility (Reflection) instead of Putty because in another document from My Oracle Support it mentioned that the keyboard might not be typing the wallet password correctly. What! I have used this console utility forever, first I have heard of this. So I create the new wallet using Reflection and put a single quote around the password. So take that! and that! Back you evildoer! Back away! This is all out war! Still problems.

cd /etc/ORACLE/WALLETS/oracle

orapki wallet create -wallet . -auto_login -pwd 'password'

orapki wallet add -wallet . -trusted_cert -cert ca.crt -pwd 'password'

(don't expect anything to tell you this was successful you are just looking

to see if any errors occur)

select utl_http.request ('https://www.verisign.com/',null,

'file:/etc/ORACLE/WALLETS/oracle','password') from dual;

select utl_http.request ('https://www.verisign.com/',null,

*ERROR at line 1:ORA-29273: HTTP request failed

ORA-06512: at "SYS.UTL_HTTP", line 1577

ORA-28759: failure to open file ORA-06512: at line 1

10. At least the ERROR MESSAGE changed! Sorry but at this point my desperation was running full tilt, anything makes me giddy. I restared the production database, I knew that was probably going to happen. I discreetly change the status of my IM as busy to reduce the numbers of attacking messages. They start fast and furious.

select utl_http.request ('https://domainname/cas/login',null,

'file:/etc/ORACLE/WALLETS/oracle,'password') from dual;

select utl_http.request ('https://domainname/cas/login',

null,'file:/etc/ORACLE/WALLETS/oracle','password') from dual

* ERROR at line 1: ORA-29273: HTTP request failed

ORA-06512: at "SYS.UTL_HTTP", line 1577

ORA-29106: Cannot import PKCS #12 wallet. ORA-06512: at line 1

11. I realize that I left out the closing quote after /etc/ORACLE/WALLETS/oracle in the SQL statement. Retyped it correctly and it returns a valid web page, it is finally over. I remove the knife, it might heal with some time off.

12. If you need to migrate an existing 10.2.x wallet to 11.2.x -open it with Oracle Wallet Manager in 11.2.x and resave it. Will have to bounce the database for the change to take affect.

UTL_HTTP && Network ACL 11g

SELECT host, acl,

DECODE(

DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE_ACLID(aclid, 'VOLUME', 'resolve'),

1, 'GRANTED', 0, 'DENIED', NULL) privilege

FROM dba_network_acls;

SELECT host, lower_port, upper_port, acl,

DECODE(

DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE_ACLID(aclid, 'VOLUME', 'connect'),

1, 'GRANTED', 0, 'DENIED', null) privilege

FROM dba_network_acls;

SELECT * FROM DBA_NETWORK_ACL_PRIVILEGES;

SELECT * FROM DBA_NETWORK_ACLS;

begin

dbms_network_acl_admin.assign_acl( 'volume_utl_http.xml', '*.com');

end;

begin

dbms_network_acl_admin.create_acl (

acl => 'volume_utl_http.xml',

description => 'HTTP Access',

principal => 'VOLUME',

is_grant => TRUE,

privilege => 'connect',

start_date => null,

end_date => null

);

dbms_network_acl_admin.add_privilege (

acl => 'volume_utl_http.xml',

principal => 'VOLUME',

is_grant => TRUE,

privilege => 'resolve',

start_date => null,

end_date => null

);

dbms_network_acl_admin.assign_acl( 'volume_utl_http.xml', '*.com');

commit;

end;

Tuesday 1 March 2011

Simple Rollup

SELECT

--to display "Sub Total" column with "Total" at the End

DECODE(grouping(TRUNC(date_created,'MM')),0,NULL,'Total') "Sub Total" ,

TO_CHAR(TRUNC(date_created,'MM'),'MONTH-YYYY') "Months" ,

COUNT(*) "This Month Tweets"

FROM twitter

GROUP BY rollup (TRUNC(date_created,'MM') )

ORDER BY TRUNC(date_created,'MM');