Tuesday, February 20, 2018

[UNEXPECTED]Master node for the current patching cycle is node_name.

Error:

Checking for existing adop sessions.
    Continuing with existing session [Session ID: 13].
    [UNEXPECTED]Master node for the current patching cycle is Node_name.
    [UNEXPECTED]Options such as "allnodes=yes" or "allnodes=no action=db" must be run from the master node.
    [UNEXPECTED]Unrecoverable error occurred. Exiting current adop session.


[STATEMENT] Please run adopscanlog utility, using the command

"adopscanlog -latest=yes"

to get the list of the log files along with snippet of the error message corresponding to each log file.


adop exiting with status = 2 (Fail)


Cause:
This issue normally occurs on cloned instance due to invalid entries in ADOP_VALID_NODES and TXK_TCC_RESULTS table.
Refer: http://www.global-dba.com/2017/12/running-adop-fails-with-error-etcc-not.html

Solution:
Login with apps user and perform the following tasks.

SQL> create table apps.ad_adop_sessions_bkp as select * from apps.ad_adop_sessions;

Table created.

update apps.ad_adop_sessions
set node_name='node_name'
where ADOP_SESSION_ID=13

SQL> commit;

Commit complete.

SQL>

Now abort patch session and run cleanup:

$ adop phase=abort
$ adop phase=cleanup cleanup_mode=full

You can now run the patching successfully on cloned instance

Sunday, February 11, 2018

adop phase=prepare ORA-20008: No Concurrent Manager is running that can run concurrent program


Error

Error while running command: adop phase=prepare

SQL> SQL> Connected.
SQL> select AD_ZD_ADOP.WAIT_FOR_CP_TO_RUN(10847151) from dual
       *
ERROR at line 1:
ORA-20008: No Concurrent Manager is running that can run concurrent program
ADZDPATCH
ORA-06512: at "APPS.AD_ZD_ADOP", line 282
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

    [UNEXPECTED]Error calling runConcurrentProgram subroutine.
    Stopping services on patch file system.
    Stopping admin server.
    Stopping node manager.
    [ERROR]     Prepare phase has failed.


Solution

Set the Run filesystem / environment and run command:
FNDLOAD apps/apps 0 Y UPLOAD $FND_TOP/patch/115/import/afcpprog.lct $AD_TOP/patch/115/import/US/adzdpatch.ldt - CUSTOM_MODE=FORCE

Reference: Doc ID 1587419.1

ADOP Prepare Phase Fails With "Error calling runFSSanityValidateConfig"

Error

[UNEXPECTED]Error occurred running "perl /u01/app/fs1/EBSapps/appl/ad/12.0.0/patch/115/bin/txkADOPPreparePhaseSanityCheck.pl -contextfile=/u01/app/fs1/inst/apps/QA_erpqa/appl/admin/QA_erpqa.xml -patchcontextfile=/u01/app/fs2/inst/apps/QA_erpqa/appl/admin/QA_erpqa.xml -promptmsg=hide -mode=update -console=off -sessionid=7 -timestamp=20180211_103444 -outdir=/u01/app/fs_ne/EBSapps/log/adop/7/20180211_103444/prepare/erpqa -action=filesystemcheck"
    [UNEXPECTED]Error calling runFSSanityValidateConfig subroutine
    Stopping services on patch file system.
    Stopping admin server.
    Stopping node manager.
    [ERROR]     Prepare phase has failed.


Solution

To resolve the issue test the following steps in a development instance where the issue can be reproduced and then migrate accordingly:
1. Execute the following ABORT process:
$ adop phase=abort
$ adop phase=cleanup cleanup_mode=full
$ adop phase=fs_clone
2. Increase the file system space to 25 GBs (or more depending on your available resources).

3. Run the ADOP Prepare phase again:
$ adop phase=prepare

4. Confirm the prepare phase completes successfully and the above errors no longer appear in the log.

Reference: Doc ID 2223374.1

Error 1 occurred while Executing txkADOPValidation script on host

Error

Lines #(78-83):
    [PROCEDURE] Calling: /u01/app/fs1/EBSapps/appl/ad/12.0.0/patch/115/bin/txkADOPValidations.pl
    [EVENT]     Log: /u01/app/fs_ne/EBSapps/log/adop/7/20180211_102321/prepare/validate/erpqa
    [UNEXPECTED]Error occurred running "perl /u01/app/fs1/EBSapps/appl/ad/12.0.0/patch/115/bin/txkADOPValidations.pl  -contextfile=/u01/app/fs1/inst/apps/QA_erpqa/appl/admin/QA_erpqa.xml -patchctxfile=/u01/app/fs2/inst/apps/QA_erpqa/appl/admin/QA_erpqa.xml -phase=prepare -logloc=/u01/app/fs_ne/EBSapps/log/adop/7/20180211_102321/prepare/validate/erpqa -promptmsg=hide"
    [UNEXPECTED]Error 1 occurred while Executing txkADOPValidation script on erpqa
[PROCEDURE] [START 2018/02/11 10:24:20] Unlocking sessions table

[STATEMENT] Unlocking ad_adop_sessions table for erpqa with wait interval of 60 seconds and number of tries 2


Solution

To fix this issue test the following to upload the missing PATCH context file to the database:
1. Get the value of your patch context file.
    1.1. Source your PATCH file system
    1.2. Echo the value of $CONTEXT_FILE and take note of it. You will use this value in step #3.
2. Source the RUN filesystem
3. Execute the following command on the run filesystem to upload the patch context file to the database.

$ADJVAPRG oracle.apps.ad.autoconfig.oam.CtxSynchronizer \
action=upload \
contextfile=<Enter Your Full Patch Context XML File Location> \
logfile=/tmp/patchctxupload.log
For Example:
$ADJVAPRG oracle.apps.ad.autoconfig.oam.CtxSynchronizer \
action=upload \
contextfile=/data1/oracle/EBSDEV/fs2/inst/apps/EBSDEV_ebsapp01/appl/admin/EBSDEV_ebsapp01.xml \
logfile=/tmp/patchctxupload.log
 Note: the context file parameter should point to the physical location of the patch context file in your system
4. Run the following query and it should return one entry for the recently uploaded context file.
select distinct(PATH) from FND_OAM_CONTEXT_FILES where NAME not in ('TEMPLATE','METADATA','config.txt') and CTX_TYPE='A' and (status is null or upper(status) in ('S','F')) and EXTRACTVALUE(XMLType(TEXT),'//file_edition_type') = 'patch';

Reference: Doc ID 2090393.1

Wednesday, February 7, 2018

Temporary Tablespaces Group

Large transactions can sometimes run out of temporary space. Large sort jobs, especially those involving tables with many partitions, lead to heavy use of the temporary tablespaces, thus potentially leading to a performance issue. Oracle Database 10g introduced the concept of a temporary tablespace group, which allows a user to utilize multiple temporary tablespaces simultaneously in different sessions.
Here are some of the main characteristics of a temporary tablespace group:
  • A temporary tablespace group must consist of at least one tablespace. There is no explicit maximum number of tablespaces.
  • If you delete all members from a temporary tablespace group, the group is automatically deleted as well.
  • A temporary tablespace group has the same namespace as the temporary tablespaces that are part of the group.
  • The name of a temporary tablespace cannot be the same as the name of any tablespace group.
  • When you assign a temporary tablespace to a user, you can use the temporary tablespace group name instead of the actual temporary tablespace name.
    You can also use the temporary tablespace group name when you assign the default temporary tablespace for the database.
Creating a Temporary Tablespace Group
When you assign the first temporary tablespace to a tablespace group, you automatically create the temporary tablespace group. To create a tablespace group, simply specify the TABLESPACE GROUP clause in the CREATE TABLESPACE statement, as shown here:

SQL> CREATE TEMPORARY TABLESPACE temp01 TEMPFILE '/u01/oracle/oradata/temp01_01.dbf' SIZE 500M TABLESPACE GROUP TEMP;

The preceding SQL statement will create a new temporary tablespace, temp01, along with the new tablespace group named tmpgrp1. Oracle creates the new tablespace group because the key clause TABLESPACE GROUP was used while creating the new temporary tablespace.
You can also create a temporary tablespace group by specifying the same
TABLESPACE GROUP clause in an ALTER TABLESPACE command, as shown here:

SQL> ALTER TABLESPACE temp02 TABLESPACE GROUP TEMP

The preceding statement will cause Oracle to create a new group named TEMP, since there was no prior temporary tablespace group with that name. If you specify a pair of quotes ('') for the tablespace group name, you are implicitly telling Oracle not to allocate that temporary tablespace to a tablespace group. Here is an example:

SQL> CREATE TEMPORARY TABLESPACE temp02 TEMPFILE '/u01/oracle/oradata/temp02_01.dbf' SIZE 500M TABLESPACE GROUP '';

The preceding statement creates a temporary tablespace called temp02, which is a regular temporary tablespace and does not belong to a temporary tablespace group. If you completely omit the TABLESPACE GROUP clause, you will also create a regular temporary tablespace, which is not part of any temporary tablespace group:

SQL> CREATE TEMPORARY TABLESPACE temp03 TEMPFILE '/u01/oracle/oradata/temp03_01.dbf' SIZE 500M;

Verify Temp tablespace usage:-

SELECT   
   TABLESPACE_NAME, GROUP_NAME
FROM   
   DBA_TABLESPACE_GROUPS;



SELECT USERNAME, SESSION_NUM, TABLESPACE FROM V$SORT_USAGE;




Reference: 
Master Note: Overview of Oracle Temporary Tablespaces (Doc ID 1498442.1)
10g: Temporary Tablespaces Group (Doc ID 245645.1)


Tuesday, February 6, 2018

Configuring Active Directory as the Authentication Provider (OBIEE 11.1.1.9)

Configuring Active Directory as the Authentication Provider (OBIEE 11.1.1.9)

Purpose:
Connecting the OBIEE WebLogic LDAP server to Microsoft Active Directory, so users can log-into the dashboard using their Windows Active Directory username and password, and retrieve group membership.
Whilst OBIEE comes with the embedded WebLogic LDAP server to hold users and groups, the license for this is restricted such that you can't just move all users from other applications into the LDAP server.
If you search in the internet and Oracle docs for instructions on how to integrate OBIEE 11g with Active Directory, there are many different ways to do it with set of instructions.
A lot of this is because Active Directory is highly-configurable, and a lot depends on how much you want to replace, or just work alongside, the existing WLS LDAP server.
Our objective is to keep the WLS LDAP server and the user accounts within it and then make it possible for Active Directory users also log in and be assigned to the standard application roles that the WLS LDAP users have.

Procedure:
This procedure illustrates how to configure Oracle Business Intelligence to use Active Directory.
 Before starting the configuration, we need the following Active Director users and groups as below.
    ADbiapps, will be used as the principal that OBIEE uses to connect to the Active Directory server
    ADBISystemUser a user on Active Directory who wants to have administration rights in the Presentation Server and BI Server

Above users are organized into three groups in the AD server:

    ADBIAdministrators, analogous to the BIAdministrators group in the WLS LDAP server
    ADBIAuthors, analogous to the BIAuthors group in the WLS LDAP server
    ADBIConsumers, analogous to the BIConsumers group in the WLS LDAP server


The groups have just got those users as members, and the users are just regular AD users, including the ADBISystemUser account.

Let's go into the WebLogic Server Administration Console http://[machine_name]:7001/console) and start configuring the system for Active Directory integration.
To configure Active Directory as the Authentication Provider:
  1. Log in to Oracle WebLogic Server Administration Console, and click Lock & Edit in the Change Center.

  1. Select Security Realms from the left pane and click myrealm.

The default Security Realm is named myrealm.
  1. Display the Providers tab, then display the Authentication sub-tab.

  1. Click New to launch the Create a New Authentication Provider page.

  1. Enter values in the Create a New Authentication Provider page as follows:

    • Name: Enter a name for the authentication provider. For example, ADAuthenticator.
    • Type: Select ActiveDirectoryAuthenticator from the list.
    • Click OK to save the changes and display the authentication providers list updated with the new authentication provider.

  1. Now click on this new authentication provider in the list, and then when the Settings for ADProvider page is shown, set the Control Flag to SUFFICIENT, and press Save.

  1. Click DefaultAuthenticator in the Name column to display the Settings page.
  2. In the Common Authentication Provider Settings page, change the Control Flag from REQUIRED to SUFFICIENT and click Save.
 

Then, again click on Providers and with the list of authentication providers displayed, press the Reorder button. 

Change the order of the providers so that MSADProvider is first, followed by DefaultAuthenticator, DefaultIdentityAsserter and TrustServiceIdAsserter


Click ok.
With the list of authentication providers displayed Click on MSADProvider

Click on the Provider Specific tab


Enter the following details for your Active Directory installation, amending the settings as appropriate for your AD server.


Provider Specific
Connection

Host:
10.10.2.76
Port:
389
Principal:
CN=ADbiapps,DC=GLC,DC=COM,DC=SA
Credential:

Confirm Credential:

Users

User Base DN:
DC=GLC,DC=COM,DC=SA
User From Name Filter:
(&(sAMAccountName=%u)(objectclass=user))
User Name Attribute:
sAMAccountName
Groups

Group Base DN:
DC=GLC,DC=COM,DC=SA
Group From Name Filter:
(&(sAMAccountName=%g)(objectclass=group))
Static Groups

Static Group Name Attribute:
sAMAccountName

Click Save.
In the Change Center, click Activate Changes.
Restart Oracle WebLogic Server.
Once complete, log in again into the WebLogic Admin Console and select Security Realms > myrealm > Users and Groups. You should then see the Active Directory users listed alongside the WLS LDAP ones.


Next we will switch over to Enterprise Manager, first to configure Fusion Middleware's Oracle Platform Security Services to accept users and groups from both WLS LDAP and Active Directory when logging into the dashboard, and then we'll map the Active Directory groups to their equivalent application roles.

Log into Enterprise Manager, and select the WebLogic Domain > bifoundation_domain menu item on the left. Right-click on it and select Security> Security Provider Configuration. When the Security Provider Configurationpage is displayed, expand the Identity Store Provider area and press the Configure… button.


The Identity Store Configuration page will then be displayed. Press the Add button next to the Custom Properties area, and add a new custom property with these settings :

Property Name : virtualize
Value : true

Press OK to close the page.


Update the system.user key points to an existing user BISystemUser in Active Directory, then the system.user Credential Key will have be updated from Enterprise manager Credential Store (to point to the correct user/password


Edit Key > Select map= oracle.bi.system 
Key = system.user
TYpe = Password
User name = this should be your AD user
Password= password for AD user

Now right-click on the Business Intelligence > coreapplication entry in the left-hand side menu, and select Security > Application Roles. As you may have done with the application role settings in yesterday's postings, edit the BIAdministrator, BIAuthor and BIConsumer application roles so that the new Active Directory groups are listed as members.










Doing this ensures that the Active Directory users get the same type of Presentation Server and repository privileges as WLS LDAP users, but they won't have administration access to WebLogic or Enterprise Manager. 


Add AD User ADBISystemUser are mapped to Application Roles
Log in to Weblogic Admin console > Security Realms from the left-hand menu > drill on your security realm in the main screen (e.g. myrealm)
> Roles and Policies Tab >expand Global Roles> then Roles, then click on the link marked View Role Conditions
For the OBIEE application role eg "Apptester" you should see the corresponding AD group in View Role Conditions eg Group=Apptester (created on AD)







·  Doing this ensures that the Active Directory users get the same type of Presentation Server and repository privileges as WLS LDAP users, but they won't have administration access to WebLogic or Enterprise Manager.

You can, if you want, grant these users the same sorts of domain administrator rights as the WLS LDAP users, and you can indeed remove all of the WLS LDAP users and groups and move over to Active Directory entirely. But in most cases I see, this level of integration is sufficient, as it still allows the OBIEE administrators to control their own user accounts and privileges.
·  You should now be able to log in as one of the Active Directory users. In the screenshot below, the AD User user has logged in, and has been granted the BIAuthor role through their membership of the ADBIAuthors Active Directory group. If Anne Administrator, an Active Directory user assigned to the ADBIAdministrator group, logs in she will be able to administer the Presentation Server permissions and privileges, but she won't be able to log into Enterprise Manager to change the repository, for example.


Useful Links and Oracle Doc ID’s
After Upgrade from OBIEE 10g Unable To Login To OBIEE 11g : "Unable to find user in identity store" (Doc ID 1482788.1)
OBIEE 11g: Alert: Users Unable to Log in to OBIEE 11.1.1.9 if Using MSAD or Other Third-Party LDAP as the Identity Store and Virtualization is Set to true. (Doc ID 2016571.1)
OBIEE 11g: How To Setup ADSI LDAP Security Provider (Doc ID 1273961.1)

https://www.rittmanmead.com/blog/2010/11/oracle-bi-ee-11g-security-integration-with-microsoft-active-directory/
https://www.rittmanmead.com/blog/2010/11/oracle-bi-ee-11g-security-integration-with-microsoft-active-directory/
http://paulcannon-bi.blogspot.com/2012/07/configuring-ldap-authentication-for.html
https://docs.oracle.com/middleware/11119/biee/BIESC/privileges.htm#BABBCEFH
https://www.rittmanmead.com/blog/2012/03/obiee-11g-security-week-connecting-to-active-directory-and-obtaining-group-membership-from-database-tables

Check Profile Options Level: Site/Responsibility/User

select
b.user_profile_option_name "Long Name"
, a.profile_option_name "Short Name"
, decode(to_char(c.level_id),'10001','Site'
,'10002','Application'
,'10003','Responsibility'
,'10004','User'
,'Unknown') "Level"
, decode(to_char(c.level_id),'10001','Site'
,'10002',nvl(h.application_short_name,to_char(c.level_value))
,'10003',nvl(g.responsibility_name,to_char(c.level_value))
,'10004',nvl(e.user_name,to_char(c.level_value))
,'Unknown') "Level Value"
, c.PROFILE_OPTION_VALUE "Profile Value"
, c.profile_option_id "Profile ID"
, to_char(c.LAST_UPDATE_DATE,'DD-MON-YYYY HH24:MI') "Updated Date"
, nvl(d.user_name,to_char(c.last_updated_by)) "Updated By"
from
apps.fnd_profile_options a
, apps.FND_PROFILE_OPTIONS_VL b
, apps.FND_PROFILE_OPTION_VALUES c
, apps.FND_USER d
, apps.FND_USER e
, apps.FND_RESPONSIBILITY_VL g
, apps.FND_APPLICATION h
where
--a.application_id = nvl(401, a.application_id)
--and a.profile_option_name = nvl('INV', a.profile_option_name)
b.user_profile_option_name like '%Debug%' -- 'AFLOG_ENABLED'
and a.profile_option_name = b.profile_option_name
and a.profile_option_id = c.profile_option_id
and a.application_id = c.application_id
and c.last_updated_by = d.user_id (+)
and c.level_value = e.user_id (+)
and c.level_value = g.responsibility_id (+)
and c.level_value = h.application_id (+)
--and c.level_id=10003
and e.end_date is null
order by
b.user_profile_option_name, c.level_id,
decode(to_char(c.level_id),'10001','Site'
,'10002',nvl(h.application_short_name,to_char(c.level_value))
,'10003',nvl(g.responsibility_name,to_char(c.level_value))
,'10004',nvl(e.user_name,to_char(c.level_value))
,'Unknown');

Identify Long running Concurrent programs



-- Identify Long running Concurrent programs with child details and run time Parameters

select /*+ ORDERED USE_NL(x fcr fcp fcptl)*/
       fcr.request_id    "Request ID",
       fcr.requested_by "User",
       substr(DECODE (FCR.DESCRIPTION,  NULL,
       FCPTL.USER_CONCURRENT_PROGRAM_NAME,
       FCR.DESCRIPTION||' ('||FCPTL.USER_CONCURRENT_PROGRAM_NAME||')'),1,80)"Program Name",
       (fcr.actual_completion_date - fcr.actual_start_date)*1440 "Elapsed Time",
       oracle_process_id "Trace File ID" ,
       fcr.phase_code "Phase",
       fcr.status_code "Status",
       to_char(fcr.request_date,'DD-MON-YYYY HH24:MI:SS')   "Submitted",
       (fcr.actual_start_date - fcr.request_date)*1440 "Delay",
       to_char(fcr.actual_start_date,'DD-MON-YYYY HH24:MI:SS')  "Start Time",
       to_char(fcr.actual_completion_date, 'DD-MON-YYYY HH24:MI:SS') "End Time",
       fcr.argument_text "Parameters"
  from (select /*+ index (fcr1 FND_CONCURRENT_REQUESTS_N3) */
               fcr1.request_id
          from fnd_concurrent_requests fcr1
         where 1=1
         start with fcr1.request_id = :RequestID
       connect by prior fcr1.request_id = fcr1.parent_request_id) x,
       fnd_concurrent_requests fcr,
       fnd_concurrent_programs fcp,
       fnd_concurrent_programs_tl fcptl
 where fcr.request_id = x.request_id
   and fcr.concurrent_program_id = fcp.concurrent_program_id
   and fcr.program_application_id = fcp.application_id
   and fcp.application_id = fcptl.application_id
   and fcp.concurrent_program_id = fcptl.concurrent_program_id
   and fcptl.language = 'US'
 order by 1


 -- To find current running SQL text for a request with performance/hanging issues - refer to Doc ID 186472.1
-- prints all requests currently running for a request set or can be used for any single running request
-- note that if no SQL is returned, then the process may be working in RAM Memory - examples are MRP or ASCP Memory Based Planner process
-- REQUIRED VALUE - Enter the Request ID that launched the Request set being investigated

select
request_id,
to_char(sid) sid
, to_char(serial#) serial#
, vq.sql_id SQLID
, vs.osuser
, vs.machine
, sql_text
, vs.process
from
apps.fnd_concurrent_requests fcr,
v$session vs,
v$sqltext vq
where
vs.process = fcr.os_process_id
and vs.sql_address = vq.address
and fcr.status_code = 'R'
and fcr.phase_code = 'R'
   and request_id in
  (select fcr.request_id
  from (select /*+ index (fcr1 FND_CONCURRENT_REQUESTS_N3) */
          fcr1.request_id
       from fnd_concurrent_requests fcr1
         where 1=1
         start with fcr1.request_id = &request_id
          connect by prior fcr1.request_id = fcr1.parent_request_id) x,
          fnd_concurrent_requests fcr,
          fnd_concurrent_programs fcp,
          fnd_concurrent_programs_tl fcptl
          where fcr.request_id = x.request_id
          and fcr.concurrent_program_id = fcp.concurrent_program_id
          and fcr.program_application_id = fcp.application_id
          and fcp.application_id = fcptl.application_id
          and fcp.concurrent_program_id = fcptl.concurrent_program_id
          and fcptl.language = 'US')
order by request_id, serial#, piece;


Some Tips About FNDLOAD

Data Synchronization  Data Synchronization is a process in which some setup data would be synchronized, and this would be more important w...