Oracle 11g Filesystem Mount Points

Oracle 11g Mount Points, Oracle Base Filesystem Changes

With the introduction of Oracle 11g Oracle introduced changes to the default directory assignments (mappings) for where the following items are stored: trace files, core dumps, user dumps, alert log, etc.

The location for these types of files are driven by parameters in the spfile and in older Oracle releases the init.ora file. These preferences have always been left to the discretion of the Oracle DBA and I’ve seen many variations and schemas for implementing the directory hiearchy associated with these core Oracle admin related files.

In the Unix world shell environment variables are typically defined in the appropriate shell profile and/or login scripts and at its most minimilist level one would typically see the following environment variables:

$ORACLE_BASE
$ORACLE_HOME

Depending on the shell environment used the following represent some common mappings:

export ORACLE_HOME=$ORACLE_BASE/product/<oracle release>/db_1

Where: ORACLE_BASE=/opt/app/oracle, oracle release, for example would be 10.2.0 which represents Oracle 10g R2. Some people prefer to extend the value for the oracle release (this is just my logical name assignment to describe the value in this example) to include the patch set installed, etc. Personally, I prefer to use the generic major release so I don’t have to either rename the directory or clone it because that could lead to Oracle Inventory issues, etc. The last directory “db_1″ is an example of following Oracle’s suggested naming convention as described in their Oracle 10g R2 documentation. If you use a naming standard that follows this convention then you could add additional Oracle Homes at the same level of db_1 and name them db_2, db_3, etc. Instead of using db_1 you call use client_1, client_2, … if the Oracle Home is on an Application or Web Server instead of a Database Server. At our installations we use asm to indicate an Oracle Home for Oracle’s ASM and in this case the ASM Oracle Home was completely independent of the Oracle Home used to service the Application which in this case was PeopleSoft. Along that same line of thought we used crs for the Oracle Home for Cluster Ready Services (CRS) which is required to be independent of any other Oracle Home’s.

This lends itself to patching the various Oracle Home’s independently, instead, of servicing ASM and whatever Applications or Databases out of one Oracle Home. Of course, there are pros and cons for both configurations and what is best for your installation depends on the constraints and requirements for your software installation.

A typical Oracle Base, Product and Admin filesystem structure would look like the following at a high level:

/opt/app/oracle

/opt/app/oracle/product/10.2.0/db_1

/opt/app/oracle/product/10.2.0/asm

/opt/app/oracle/product/10.2.0/crs

/opt/app/oracle/admin

/opt/app/oracle/admin/bdump/{$ORACLE_SID}

/opt/app/oracle/admin/cdump/{$ORACLE_SID}

/opt/app/oracle/admin/udump/{$ORACLE_SID}

…..

Some people prefer:

/opt/app/oracle/admin/{$ORACLE_SID}/bdump

/opt/app/oracle/admin/{$ORACLE_SID}/cdump

/opt/app/oracle/admin/{$ORACLE_SID}/udump

I didn’t list all of the directories, just enough to illustrate the concept. The differences between how to break out the administrative directories (bdump,cdump,udump,hpdump,scripts,….) is strictly a personal preference.

Oracle 11g Changes

Oracle 11g has obsoleted the previous Administrative directory hiearchy and replaced it with one that contains many more default directories and they have also make a distinction between the database and client which is enforced and implemented in the new directory structure they have published. The following illustrates this change at a very high level:

/opt/app/oracle

/opt/app/oracle/product/11.1.0/db_1

/opt/app/oracle/diag

/opt/app/oracle/oraInventory

/opt/app/oracle/cfgtoollogs

/opt/app/oracle/diag

/opt/app/oracle/rdbms

/opt/app/oracle/clients

/opt/app/oracle/asm

/opt/app/oracle/ofm

/opt/app/oracle/tnslsnr

/opt/app/oracle/crs

/opt/app/oracle/lsnrctl

/opt/app/oracle/netcman

/opt/app/oracle/diagtool

The impact is evident if you use custom scripts to create your databases from scratch, as opposed to use Oracle’s dbca (Database Configuration Assistant), or you create a database during the initial Oracle Software Installation, etc. The biggest impact to me was on my filesystem layout. We use EMC’s storage solutions and whenever we setup a new server we create an Excel spreadsheet that lays out the filesystem mount points and sizes. Typically, I will create filesystems such as the following:

/opt/app/oracle – used as the mount point

/opt/app/oracle/product

/opt/app/oracle/admin

/opt/app/oracle/admin/backup

/opt/app/oracle – is very small and simply serves as the mount point for the other filesystems. With the Oracle 11g changes I was caught off guard (I didn’t read through the installation guide like I should have so that’s on me). If I had been aware of the impact I would have planned a larger size for this path.

In order to continue with my software install and initial environment buildout I made a few changes to my core Oracle Initialization parameters. I moved the the “diag” directory to be located inside the “admin” directory. This still left quite a few directories at the /opt/app/oracle level.

Note: More to come, I’m stopping to get coffee and check on my imports. I’m only publishing this post so I won’t lose it (I know I could keep it unpublished……)

Oracle 10G R2 RAC ORA-04031 Error

We had a problem ORA-04031: unable to allocate 3128 bytes of shared memory (“shared pool”,”unknown object”,”sga heap(1,0″,”gcs shadows”) resulting in one of our six instances between terminated (crash).

This Database is for a PeopleSoft Financials 8.9, PeopleTools 8.48 Application and is running RAC on six blades, HP-UX, Oracle 10g R2 with the latest patchset and the chipset is Itanium.

This problem didn’t happen frequently and it occurred at time when the server memory was down to 60 MB of free memory. The default value of the _shared_pool_reserved_min_alloc is 4400 so the 3128 bytes of memory was attempting to be allocated from the shared pool. Our sga target size is 3008M and the sga max is 3504M. In cases where the buffer cache is very large the allocations for the gcs and ges shadows and resources will be large as well.

Allocations are made in the shared pool to preserve integrity of the buffer cache blocks. The allocations for gcs shadows, gcs resources, ges enqueues and ges resources will increase as the size of the buffer cache increases and during startup the memory allocated to those resources can be quite high.

ORA-4031 can occur at startup if shared pool size is too small to start with. In this case our original shared pool size was 256 MB. You can check the v$ views to see what the max size of your shared pool has been to see if you need to make any adjustments to bump it up closer to that value to ensure MMAN does not shrink the pool to give memory to the buffer cache.

If you observe frequent resize operations between the shared pool and buffer cache then it indicates the sga_target is set too low.

col component format a25
col initial_size format 999,999,999,999 head “Initial”
col parameter format a25 heading “Parameter”
col final_size format 999,999,999,999 heading “Final”
col end_time heading “Changed At”
col current_size format 999,999,999,999 heading “Current Size”
col min_size format 999,999,999,999 heading “Min Size”
col max_size format 999,999,999,999 heading “Max Size”
col granule_size format 999,999,999,999 heading “Granule Size”

break on report
compute sum of current_size on report
select component, current_size, min_size, max_size, granule_size
from v$sga_dynamic_components
/

clear breaks

or

col component format a20 truncate
col end format a18
col initial_size format 999,999,999,999
col target_size format 999,999,999,999
col final_size format 999,999,999,999
set linesize 120

select to_char(end_time,’dd-Mon-yyyy hh24:mi’),end, component, oper_type,
initial_size, target_size, final_size
from v$sga_resize_ops
where component=’shared pool’
order by end
/

Practical SSH Tunneling Example

ssh -2 -N -f -L 2110:mail.mac.com:110 user@ssh-server.example.com user@ssh-server.example.com’s password: *****

When the tunnel is up and running, you can point your mail client to send POP3 requests to localhost port 2010. A connection there will be forwarded securely across the tunnel to mail.mac.com.

Bypassing a Firewall:

Some networks impose serious security restrictions via strict firewall rules. Filtering not only the incoming connections but monitoring and restricting port traffic. You may only have access to remote machines via ports 22 and 80 for ssh and web browsing.

You may have a need to access another service, however, it that service does not use ports 22 or 80 you will not be able to do so.

The solution or one possible solution, that is, is to create an ssh connection to a machine outside of the network’s firewall and use it to tunnel to that service.

ssh -2 -N -f -L 8888:music.mac.com:8000 user@remote.example.com user@remote.mac.com’s password: *****

It is a good idea to limit the users that can access your system via log in and also restrict from what machines they can log in from. The AllowUsers option is a way to accomplish this. For example, to only allow the root user to connect from 192.168.1.48 something like the following can be entered into the /etc/ssh/sshd_config file:

AllowUsers root@192.168.1.48

Then to allow the user admin the ability to log in from anywhere, just list the username without a host:

AllowUsers admin

OpenSSH has the ability to create a tunnel to encapsulate another protocol in an encrypted tunnel session. The following command instructs ssh to create a tunnel for telnet:

ssh -2 -N -f -L 5023:localhost:23 user@machine.example.com

The ssh’s command line arguments above are:

-2 forces ssh to use version 2 of the protocol (this won’t work if you are working with version 1 servers).
-N indicates that there isn’t a command on the line but instead its a tunnel only command
-f forces ssh to execute or run in the background
-L indicates a Local Tunnel

An ssh tunnel works by creating a listen socket on localhost on the specified port. It then forwards any connection requests received on the local host port to the ssh connection on the remote host and port.

In the above example, 5023 on localhost is being forwarded to port 23 on the localhost of the remote machine. Since 23 is telnet, this would create a secure telnet session through an ssh tunnel.

Example of using ssh to create a secure SMTP tunnel:

ssh -2 -N -f -L 5025:localhost:25 user@remote.domain.com user@mailserver.domain.com’s password: *****

This can be used in conjunction with an ssh-keygen and additional user accounts to create a more seamless ssh tunneling environment. Keys can be used instead of typing a password and tunnels can be run as a separate or different user.

Configuring IPsec on FreeBSD:

To start install security/ipsec-tools from the Ports collection. The next step is to create two pseudo-devices which will be used to tunnel packets and allow both networks to communicate properly. As root, run the following commands, replacing the internal and external items with the real internal and external gateways:

ifconfig gif0 create
ifconfig gif0 internal1 internal2
ifconfig gif0 tunnel external1 external2

For example, the Corporate Lan’s public IP is 12.43.10.5 with a private IP of 10.160.40.1. The home Lan’s public IP is 75.148.226.248 with an internal private IP of 192.168.1.4.

Once set up, both private IPs should be reachable by ping.

As expected, both sides have the ability to send and receive ICMP packets from the privately configured addresses. Next, both gateways must be told how to route packets in order to corectly send traffic from either network. The following command will achive this goal.

route add 192.0.0.0 192.168.1.4 255.255.255.0
route add net 192.0.0.0: gateway 192.168.1.4
route add 10.160.40.0 10.160.40.1 255.255.255.0
route add host 10.160.40.0: gateway 10.160.40.1

At this point, internal machines should be reachable from each gateway as well as from machines behind the gateways.

Setting up the tunnels is easy. Configuring a secure link is much more difficult. The following example uses pre-shared (PSK) RSA keys. Aside from IP addresses, both /usr/local/etc/racoon/racoon.conf files will be identical and look similar to:

path pre_shared_key “/usr/local/etc/racoon/psk.txt”;
log debug;

padding # options are not to be changed
{
maximum_length 20;
randomize off;
strict_check off;
exclusive_tail off;
}

timer # timing options, change as needed
{
counter 5;
interval 20 sec;
persend 1;
# natt_keepalive 15 sec;
phase1 30 sec;
phase2 15 sec;_
}

listen # address [port] that racoon will listen on
{
isakmp 172.16.5.4 [500];
isakmp_natt 172.16.5.4 [4500];_
}

remote 192.168.1.2 [500]
{
exchange_mode main,aggressive;
doi ipsec_doi;
situation identity_only;
my_identifier address 172.16.5.4;
peers_identifier address 192.168.1.12;
lifetime time 8 hour;
passive off;
proposal_check obey;
nat_traversal off;
generate_policy off;
proposal{
encryption_algorithm blowfish;
hash_algorithm md5;
authentication_method pre_shared_key;
lifetime time 30 sec;
dh_group 1;_
}
}
sainfo (address 10.246.38.0/24 any address 10.0.0.0/24 any)
{
pfs_group 1;
lifetime time 36000 sec;
encryption_algorithm blowfish, 3des, des;
authentication_algorithm hmac_md5, hmac_sha1;
compression_algorithm deflate;
}

(more…)

Mac OS X What Are All Those Processes?

What Are All Those Apple OS X Processes

*AppleFileServer* (AFP over IP) personal file sharing uses AFP, it should only be running if file sharing is enabled (via the System Preference Sharing pane)
autodiskmount – responsible for mounting removable disks and media
automount – automatically mounts and dismounts (NFS and AFP) file systems as they are accessed / left idle
configd - maintains dynamic configuration information about the computer and its environment (mainly the network)
CrashReporter – logs information about program crashes, it can be configured (via editing /etc/hostconfig in OS X 10.1+) and the Console utilities preferences on OS X 10.1+) to log crashes in ~/Library/Logs or not.
cron – crontab executes scheduled programs and tasks, mostly to perform routine maintenance scripts periodically on the computer. There are scripts that run on a daily, weekly and monthly basis to archive and clean up the system log files.
DirectoryService – this process maintains service location, users, groups and authentication services by gathering information from plugins and protocols and communicates that information to whichever task needs that information
DesktopDB – keeps track of known applications and their document types, used by the Finder application to handle file associations
distnoted – provides distributed notifications service
ftpd – FTP Daemon, created dynamicallyby xinetd or inetd and will only execute whenever someone or a program is accessing or attempting to access your computer using the FTP protocol.
dynamic_pager – assist the kernel with managing the swap files for virtual memory
httpd - Apache Web Server, it should only be running if web sharing is enabled via System Preference’s panes, if it is running it is common for there to be more than one process running with this name
init – master process that is responsible for spawning (creating) processes at boot time via /etc/rc* and StartupItems, after boot time it is responsible for monitoring and restarting the background processes
inetd – responsible for starting and looking after some of the Internet services (mainly FTP and telnet), in OS X 10.2 it was replaced by xinetd which was then replaced by launchd (launchctl) in OS X 10.3
ipconfigd - OS X 10.0 – 10.1.1 only, automatically configures the network, now merged with configd since OS X 10.1.2
KernelEventAgent – handles notifications about file system status
kextd - responsible for loading and unloading kernel extensions (device drivers)
launchd – OS X 10.4+, replaces init and mach.init and takes over most of the functions of cron and xinetd
lookupd – handles DNS and NetInfo lookup tasks, resolves names and communicates with the DirectoryService
mach_init – 10.0 – 10.3 only, the mach kernel’s bootstrap port server, this is the first process created during bootup and it creates the BSD init process (which then in turn starts up everything else). In OS X 10.3 it also created several of the daemons that used to be created via StartupItems, replaced by launchd in OS X 10.4
mDNSResponder – multicast DNS (component of Bonjour / Rendezvous) responder; this process advertises network services such as AFP file sharing, serves up the “.local” name and it executes using the unix account “nobody” for security reasons.
netinfod - services NetInfo data, there will be one process for each NetInfo domain serviced by the local computer (normally just one process).
nfsiod - services async requests to an NFS server, its normal for there to be more than one
nibindd – finds, creates and destroys NetInfo servers (i.e. netinfod), this process will only execute if there is something for it to do
notifyd – passes event notifications between processes
ntpd – network time protocol daemon
pitond – retrospect client (only present if Retrospect Client is installed)
pmTool - a user process that happens to execute as root, activity monitor uses it to collect information on running processes
portmap – dynamically assins RPC (network remote procedure calls) services such as NetInfo and NFS to TCP/UDP ports
slpd – Service Location Protocol (SLP) responder, this advertise such services as AFP file sharing, has been replaced by Bonjour/Rendezvous but is kept active for compatibility with other OS X software releases
slpdLoad – frequently shows up as a Zombie in Activity Monitor
sshd - secure shell server, listens for and services incoming SSH connections, it was added to OS X 10.0.1 and should only be running if “Allow Remote Login” is enabled in System Preferences, in OS X 10.3, sshd no longer runs continuously listening for incoming connetions, instead xinetd (v10.3) or launchd (v10.4) does the listening, only starting sshd when its actually needed
syslogd - logs and or dispatches system status and error messages
telnetd – handles incoming telnet (remote login) connetions, its enabled by “Allow remote login” in the System Preferences Sharing Pane. This process is dynamically created by inetd so it should only appear when it has work to do like when someone is remotely connection to your machine or is attempting to
update – responsible for keeping disks synchronized with the file system cache, keeping data loss to a minimum
xinetd – responsible for starting and looking after some internet services (mainly ssh, FTP and telnet) provided by a computer. This is an extension of the inetd, in OS X 10.4 it was mostly replaced by launchd but is kept around for compatibility

*User Processes*
ATSServer - Apple Type Solution Server – responsible for managing the available fonts and making them available to the applications
Dock – maintains and displays the Dock
DocklingServer – keeps docklings’ status and displays up to date
Finder – the Finder
hdid - handles mounted disk images (.dmg and .img) files
LaunchCFMApp – applications in the old-style Macintosh format (Code Fragment Manager format, aka CFM, aka PEF) will show up in Process Viewer under this name LaunchCFMApp is actually a wrapper program provided for compatibility with this old application format; Process Viewer just can’t see through the wrapper to the actual process or application inside
loginwindow – this is only partly a user process, it starts before anyone logs into the computer and is responsible for displaying the login screen (or not, it autologin is set). It also acts as a process monitor for user processes, restarts the Dock or Finder if they crash or quit and implements the Force Quit Applications window, it handles logout, restart and shutdown procedures
pbs – the pasteboard server
pmTool – background process that the Activity Monitor users to collect information on running processes, runs as root
SystemUIServer – OS X 10.1+, maintains the menu items in the right of the Dock
TruBlueEnvironment (or “(null)”) – Classic OS 9 compatibility environment, single process that includes OS 9 and all running Classic applications. The name derives from the early Apple code-name for the Classic environment: “the Blue Box”, for some reason Activity Monitor under OS X 10.3 has trouble reading this process’s name and tends to display it as “(null)”
WindowServer aka Window Manager – responsible for managing the computer’s display and mediating between the various applications and other processes that want to display information on it. It does all of the grunt work of launching new user applications, so most user processes are actually its children in the process hiearchy.

(more…)

PeopleSoft WebServer Incorrectly Configured?

Error during signon to PT 8.19 or higher.

“Webserver appears to be incorrectly configured. System detected that multiple webserver sessions are being generated during login.”

As the message suggests, this indicates that several connections are being initiated from the browser to the webserver. This can happen because the webserver is not able to read back the cookie it submitted to the browser.

Cookies have primarily 3 attributes, a name, a value and a domain to which they are associated. The Peoplesoft Webserver uses a cookie to track user sessions. Typically, the cookie name follows the naming convention “–WebLogicSession”, where hostname is the local name of the webserver, and port refers to the port the webserver is listening on for incoming http connections.
Examples are: tssun-7001-WebLogicSession , psofthr-80-WebLogicSession, etc.
For Weblogic, the cookie name is set in the configuration.properties file for WL 5.1, and in config.xml for WL 6.1 or higher.

(Note: Websphere imposes the J2EE convention more strictly and does not allow the cookie name to be changed, its always “JSESSIONID” . On some systems, the cookie may have the suffix “JSESSIONID” instead of “WebLogicSession” )

The cookie value is set by the application, and is a unique identifier that ties the http session to the session object created within the Webserver.

The cookie domain is set by the webserver. When a user accesses a webserver, the browser will only submit cookies that match the domain of the URL being accessed.
For e.g if the URL is http://pshr.peoplesoft.com/ps/signon.html then all cookies that have the domain “.peoplesoft.com” will be submitted to the webserver, similarly, if the URL is http://www.pshr.peoplesoft.com/ps/signon.html then all cookies with the domain “.peoplesoft.com” or “.pshr.peoplesoft.com” will be submitted. Note that cookies with the domain “.psfn.peoplesoft.com” will *not* be submitted to either of these URLs.
Using a domain in the URL is optional, if its not being used, the cookie will be associated with the server name, rather than the domain name. If you plan to use Peoplesoft’s Single Signon feature, you will need to use a domain qualified URL.

The issue mentioned above occurs if the webserver sends a cookie to the browser, and then redirects it to another link expecting to read the cookie back, but somehow is not able to. i.e the browser does not send the cookie back to the domain it came from.

Following scenarios have been identified

Cookies are disabled on the browser.

For Internet Explorer, check the status bar (lower right corner) for the zone your domain is on. Then go to Tools/Internet Options/Security, select the Zone, and select Custom settings. Make sure cookies are enabled. The domain name in the cookie does not match the domain name in the URL.

Note the domain name in the URL you are using to access the Webserver. If you are running WL 5.1, the weblogic.properties file, and confguration.properties should have the domain name. See example below:

In configuration.properties:

AuthTokenDomain=.corp.peoplesoft.com

In weblogic.properties:

weblogic.httpd.session.cookie.name=tssun01-5000-WebLogicSession
weblogic.httpd.session.cookie.domain=.corp.peoplesoft.com

Check the following properties are set correctly if you are not using a domain name in the URL

In configuration.properties:

AuthTokenDomain=

In weblogic.properties:

weblogic.httpd.session.cookie.name=tssun01-7001-WebLogicSession
#weblogic.httpd.session.cookie.domain=

Bad configuration examples:

Example 1: ( Reason: weblogic.httpd.session.cookie.domain is empty)
configuration.properties
AuthTokenDomain=.corp.peoplesoft.com

weblogic.properties
weblogic.httpd.session.cookie.name=tssun01-5000-WebLogicSession
weblogic.httpd.session.cookie.domain=

Example 2: ( Reason: weblogic.httpd.session.cookie.domain should be commented out if not using Domains)
configuration.properties
AuthTokenDomain=

weblogic.properties
weblogic.httpd.session.cookie.name=tssun01-7001-JSESSIONID
weblogic.httpd.session.cookie.domain=

Example 3: (Reason: Cookie domain in weblogic.properties does not match AuthTokenDomain)
configuration.properties
AuthTokenDomain=.corp.peoplesoft.com

weblogic.properties
weblogic.httpd.session.cookie.name=tssun01-7001-WebLogicSession
weblogic.httpd.session.cookie.domain=.peoplesoft.com

Example 4: (Reason: MYSESSIONID may not be recognized by cookierules.xml )
configuration.properties
AuthTokenDomain=.corp.peoplesoft.com

weblogic.properties
weblogic.httpd.session.cookie.name=tssun01-7001-MYSESSIONID weblogic.httpd.session.cookie.domain=.corp.peoplesoft.com

Lastly make sure that these parameters are not duplicated in the weblogic.properties file. An aborted or incorrect installation may cause the parameters to appear more than once, in which case weblogic only recognizes the last one.

You are not using a domain in the URL, but the cookie has a domain, or vice-versa.

For example, if the configuration.properties file has
AuthTokenDomain=.peoplesoft.com
but you are using
http://tssun01/ps/signon.html
to access the webserver.

Alternatively, the configuration.properties contains
AuthTokenDomain=
but you are using
http://tssun01.peoplesoft.com/signon.html

Cookies are being set in other parts of the application, or by other content providers(for portal) that exceed the 20 cookies per domain limit for the browser. When more than 20 cookies are set, the browser starts discarding cookies randomly.

Type in “javascript:document.cookie” in your browser address bar to get a dump of all cookies associated with the current site. Each NAME=VALUE; pair identifies one cookie.

A bad cookie has been set that cannot be parsed by the webserver, causing all cookies to be discarded. For example, with Weblogic 5.1 SP12, commas are no longer allowed in the cookie value. If a cookie containing commas(,) is encountered by the webserver, it rejects the http header, causing the signon cookie to be lost too. Same situation can happen with cookies whose value exceeds 4K which is the maximum size limit for a cookie data.
Note: Weblogic 5.1 SP9 and Weblogic 6.1SP1 allowed commas in cookie values, so some of the code within the Peoplesoft application used them as delimiters. Since PT 8.43.03, this has been changed to use “|”(pipe) instead. If you are mixing pre-PT 8.41.03 and post-PT 8.41.04 (including PT 8.19 or later) releases you might see cookies being set by one webserver with commas that get blocked when they hit the other webserver. For example, this can happen with a pre-PT 8.41.03 portal accessing content on PT 8.19.

If you are accessing different PeopleTools releases and have single signon enabled, or if you are running Peoplesoft Portal with content hosted on different PeopleTools releases, make sure that all the Peopletools release either use commas in cookies, or none of them do. As a rule of thumb, all versions later than PT 8.41.03 aand PT 8.18, do not use commas.
When a cookie that uses commas gets submitted to a Webserver that does not allow it, you’ll get the following error:

Mon Jul 28 21:09:06 PDT 2003: Got bad Cookie header: in cookie ‘SignOnDefault; http%3a%2f%2fitnt19.scu.edu%3a8100%2fpsp%2fcpdev84%2femployee%2fempl%2frefresh=list: %3ftab%3demployee_page,%3ftab%3dfaculty_homepage,%3ftab%3dpxxxxest; tssun01-80-WebLogicSession=PyXzYetWTYWhCAxTtuYAdwSvdQrOBmU57yNnTYyPyWiK2pyQa6Y9|-4419809228241818902/-2116942805/6/80/80/443/443/80/-1′ character ‘,’ at position 148 is illegal from User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)

weblogic.servlet.internal.MalformedCookieHeaderException: in cookie ‘SignOnDefault; http%3a%2f%2fitnt19.scu.edu%3a8100%2fpsp%2fcpdev84%2femployee%2fempl%2frefresh=list: %3ftab%3demployee_page,%3ftab%3dfaculty_homepage,%3ftab%3dpapp_guest; tssun01-80-WebLogicSession=PyXzYetWTYWhCAxTtuYAdwSvdQrOBmU57yNnTYyPyWiK2pyQa6Y9|-4419809228241818902/-2116942805/6/80/80/443/443/80/-1′ character ‘,’ at position 148 is illegal
at weblogic.servlet.internal.CookieParser.parseNetscapeCookie(CookieParser.java:222)
at weblogic.servlet.internal.CookieParser.parse(CookieParser.java:111)
at weblogic.servlet.internal.CookieParser.getCookies(CookieParser.java:104)
at weblogic.servlet.internal.CookieParser.parseCookies(CookieParser.java:93)
at weblogic.servlet.internal.ServletRequestImpl.parseCookies(ServletRequestImpl.java:1300)
at weblogic.servlet.internal.ServletRequestImpl.getCookies(ServletRequestImpl.java:1285)
at weblogic.servlet.internal.ServletRequestImpl.initSessionInfo(ServletRequestImpl.java:1452)
at weblogic.servlet.internal.ServletRequestImpl.getSession(ServletRequestImpl.java:1332)
at weblogic.servlet.internal.ServletContextImpl.checkA(ServletContextImpl.java:2005)
at weblogic.servlet.internal.ServletContextImpl.checkAccess(ServletContextImpl.java:1804)
at weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:942)
at weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:909)
at weblogic.servlet.internal.ServletContextManager.invokeServlet(ServletContextManager.java:269)
at weblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.java:392)
at weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:274)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:130)

Following the UNC, there should not be underscores in the webserver name or the domain name in the URL. Hyphens are okay.

Bad: http://ps_hr.peoplesoft.com/ps/signon.html
Bad: http://pshr.people_soft.com/ps/signon.html
Bad: http://ps_hr/ps/signon.html
Good: http://ps-hr.peoplesoft.com/ps/signon.html
Good: http://ps-hr.peoplesoft.com/ps_test/signon.html
Good: http://pshr/ps-test/signon.html
Note: PT 8.1x allows underscores in domain names whereas PT 8.4x does not.
Attempt to bring up a custom page via directlink.html and they were receiving the above error. Found that they had an ampersand (&)at the end of the url and once they removed the ampersand the page started working. 

CASE 8:
Determined that the issue was a result of a local browser setting. Must enable “Always Allow Session Cookies” in IE6.

Internet Explorer 6.x for PCs:
From inside the IE window:

> Go to Tools, then click on Internet Options.
> Click on the Privacy tab.
> Click on the button Advanced.
> Check the box Override Automatic Cookie Handling.
> Check the box Always Allow Session Cookies.

Configuring Database Control with EMCA Oracle 11g

Configure Database Control w/EMCA

1.Set the following environment variables to identify the Oracle Home and the Oracle System Identifier (SID) for the database you want to manage:
a. ORACLE_HOME
b. ORACLE_SID

2. Change directory to the ORACLE_HOME/bin directory.

3. Start EMCA by entering the following command with any of the optional command-line arguments show in the Table below:

$PROMPT> ./emca

Depending upon the arguments you include on the EMCA command line, EMCA prompts you for the information required to configure Database Control.

For example, enter the following command to configure Database Control so it will perform automatic daily backups of your database:

$PROMPT> ./emca -config dbcontrol db -backup

EMCA commands are of the form:

emca [operation] [mode] [flags] [parameters]

Note: To configure Database Console for single instance database using ASM, no extra parameters are required to be passed along with the EMCA command. Run the following command to configure the Database Console which will automatically detect the ASM instance:

$PROMPT> ./emca -config dbcontrol db -repos create

Note: The Database Control repository is in secure mode, which means that Enterprise Manager data is encrypted. The file location of the encryption key depends upon the type of database, as follows:

For Single Instance Databases:

$ORACLE_HOME/_/emkey.ora

For Oracle RAC Databases:

$ORACLE_HOME/node_sid/emkey.ora

Oracle strongly recommends that you ensure this file is backed up because the encrypted data will become unusable if this file is lost.

emca -h | –h | -help | –help

Use this option to display the Help message for the EMCA utility.

emca -version

Prints the version information associated with EMCA.

emca -config dbcontrol db [-repos (create|recreate)][-cluster][-silent][-backup][parameters]

Configures Database Control for a database. Options include creating (or recreating) Database Control repository, configuring automatic backups and performing these operations on a cluster database.

How To Remove An Empty ASM Directory

Sometimes it can happen that ASM contains empty system directories (particularly Archivelog directories) which can not be removed. According to Oracle Note 3751057.8 ALTER DISKGROUP DROP DIRECTORY FORCE removes system aliases. The system generated directories should be removed automatically as soon as all its files have been removed. However, this doesn’t always happen and sometimes a manual directory removal will fail.

set pagesize 2000
select level, dir, sys, substr(lpad(‘ ‘,2*level,’ ‘)||
concat(‘+’||gname,sys_connect_by_path(aname,’/')),1,60) full_path
from (select g.name gname, a.parent_index pindex, a.name aname, a.reference_index rindex, a.alias_directory dir, a.system_created sys
from v$asm_alias a, v$asm_diskgroup g where a.group_number = g.group_number)
start with (mod(pindex,power(2,24))) = 0
connect_by prior rindex = pindex
order by rtrim(ltrim(full_path)) desc, level asc;

Oracle’s recommended solution is to create a new database with DBCA having the same name as the old directory and subsequently drop the database with the DBCA or create a dummy tablespace having a datafile within the directory to be dropped, drop the tablespace and then remove the datafile using the ASMCMD tool. The old directory will be removed automatically.

There is a scenario when there are left behind directories after the database is dropped using RMAN’s command: RMAN> drop database including backups [noprompt];

When one falls into this there is now way out but to recreate the diskgroups. This problem is being investigated in Bug 6606689. To avoid this issue one should run the following two commands instead of “DROP DATABASE INCLUDING BACKUPS;”.

RMAN> delete backupset;
RMAN> drop database;

Process Scheduler Purge

Tables Affected

PSPRCSRQST
PSPRCSQUE
PSPRCSCHLDINFO
PSPRCSPARMS
PSPRCSRQSTXFER
PS_PRCSRQSTDIST
PSPRCSRQSTTEXT
PSPRCSRQSTFILE
PSPRCSRQSTMETA
PSPRCSRQSTSTRNG
PSPRCSRQSTTIME
PS_PRCSRQSTNOTIFY
PSPRCSRQSTARCH
PS_PRCSRQSTURL
PS_PRCSFILE

SQR Dialog Box

Dialog Box Options – Windows Report Name – Click the files button, you will be prompted to select an SQR report from any of your directories or drives. If you prefer to enter in the name, be sure to specify the whole path as follows: c:\psoft90fn\pt84912\sqr\test1.sqr

Username enter username to run the report under
Password enter the password for the username entered above
Database enter the specific database identified you want to
execute the report against.
Report Arguments:
-A causes the output to be appended to an existing output file of the
 same name. If the file does not exist a new one will be created. This is
useful when you want to run the same report more than once but only want to
create a single file.
Note: The -A flag has some restrictions, it
only works with .LIS files and not .SPF files, it only applies to reports
using -PRINTER:LP, it is ignore for all other printer types and output
formats. In a non-Window environments, it can only be used with SQR and SQRP,
it does not work with SQRWP.

-BURST:{xx} specifies the type of bursting to be used.
-BURST:T generates the Table of Contents file only. -BURST:S generates the report output
 according to the symbolic Table of Contents entries set in the program with the
TOC-ENTRY command's "level" argument. In -BURST:S[{1}],{1} is the level at which
to burst upon. The setting -BURST:S is equivalent to -BURST:S1 -BURST:P generates the
report output by report page numbers, in-BURST:P[{1},{s}[,{s}]...}],{1} is the number of
logical report pages that each .HTM file will contain and {s} is the page
selection:{n},{n}-{m},-{m}, or {n}-. The setting -BURST:P is equivalent to 
-BURST:P0,1- when using -PRINTER:HT or -BURST:P1 when using -PRINTER:EH.
Note: -BURST:P and -BURST:S requires -PRINTER:EH, -PRINTER:HT or -PRINTER:EP.
The Page range selection feature of -BURST:P requires -PRINTER:HT, -BURST:T
requires -PRINTER:HT

-C (Windows) specifies that the Cancel dialog box appears
while the program is running so you can easily terminate the program execution.
-CB (Windows, Callable SQR) forces the communication box to
be used.
-DEBUG[xxx] causes lines preceded by #DEBUG
to be compiled. Without this flag, these lines will be ignored. See #DEBUG for
 more information

-DNT:{xx} specifies the default behavior for numeric variables.
The value forxx can be eitherINTEGER, FLOAT DECIMAL or
V30. To specify a precision for DECIMAL,
append it with a colon delimiter (:)- for example, -DNT:DECIMAL:20.
See the DEFAULT argument for DECLARE-VARIABLE
for a detailed explanation. The DEFAULT argument in the
DECLARE-VARIABLE command will takeprecedence, if used.

-E[file} causes error messages to be directed to the named
file, or to the default file program.err. If no error occurs, no file is
created.
-EH_APPLETS:dir specifies the directory location of the Enhanced HTML applets.
The default directory for these applets is IMAGES.
Note: This flag is only applicable when the -PRINTER:EH flag
is specified.

-EH_BQD generates a {report}.bqd file from the report data.
Also associates a BQD icon with {report}.bqd in the navigation bar.
Note: This flag is only applicable when the -PRINTER:EH or 

-PRINTER:EP flag is specified. -EH_BQD:file
associates the BQD icon with the specified file
Note: This flag is only applicable when the -PRINTER:EH or
-PRINTER:EP flag is specified.

-EH_BROWSER:xx specifies the target browser. When set to ALL,
SQR auto-senses which browser is being used, invokes a browser-specific file,
generates HTML designed for that browser. When set to BASIC, SQR generates
HTML suitable for all browsers. When set to IE, SQR generates HTML designed
for Internet Explorer. When set to NETSCAPE, SQR generates HTML designed for
Netscape.
Note: This flag is only applicable when the -PRINTER:EH
flag is specified.

-EH_CSV generates a {report}.csv file from the report data.
Note: This flag is only applicable when the -PRINTER:EH
or -PRINTER:EP flag is specified.

-EH_CSV:file associates the CSV icon with the specified file.
Note: This flag is only applicable when the -PRINTER:EH or -PRINTER:EP flag is
specified.
-EH_CSVONLY creates a CSV file but does not create a HTML file.
-EH_FULLHTML:xx specifies the level of the generated Enhanced
HTML code. This can be 30, 32 or 40.
Note: This flag is only applicable when the -PRINTER:EH flag is specified.
Note: For upward compatibility a value of TRUE is equivalent to 40 and FALSE is
30.
-EH_Icons:dir specifies the directory where the HTML should look
for the referenced icons.
-EH_IMAGES:dir specifies the directory path for the .GIF files
used by the Navigation Bar.
-EH_KEEP copy not move the files when used in conjunction with EH_ZIP.
-EH_LANGUAGE:xx sets the language used for the HTML navigation bar.
You can specify English, French, German, Portugese or Spanish.
-EH_PDF associates a PDF icon with {report}.pdf in the
navigation bar.
-EH_Scale: sets the scaling factor from 50 to 200.
-EH_XML:file associates the XML icon with the specified file.
-EH_ZIP[:file] moves the generated files to the specified file or
{report}.zip if {file} is not specified.
-F[file | directory] overrides the default output file name, program.lis.
The default action places the program.lis in the same directory as the program.sqr file.
To use the current directory, specify -F with the new name. If the new name does not
specify a directory, the file will be created in the current directory. The output
file is not created until data is actually printed on the page. If no data is
printed, no output file is created.
-Idir_list specifies the list of directories that SQR will search
when processing the #INCLUDE directive if the include file does not exist in the
current directory and no path was specified for the file. The directory names must
be separated by either commas (,), or semicolons (;). Always append the directory
character to the end of each directory name.
Note: Make sure you include the directory character (backslash) at
the end of the path. If you do not include the backslash, you will receive the following
error: SQR 4713 Cannot open the #INCLUDE file
-KEEP creates .SPF file output in addition to .LIS files, for each
report that your program generates.
-LL{s | d}{c | i} LOAD-LOOKUP: s =SQR,d =DB,
c = case-sensitive,i =case-insensitive.
-Mfile defines a startup file containing sizes to be assigned to
various internal parameters in extra small or large or complex reports.
-NOLIS prevents the creation of .LIS files. Instead .SPF files
are generated.
-O[file] directs log messages to the specified file or to program.log
if no file is specified. By default, the file sqr.log is used in the current working
directory.
-PRINTER:xx Causes printer type xx to be used when creating output
files:
xx             Printer Type           Example
EH              Enhanced HTML-PRINTER:EH
EP              Enhanced HTML
	       and PDF         -PRINTER:EP
HP              HP LaserJet     -PRINTER:HP
HT              HTML            -PRINTER:HT
LP              Line Printer-PRINTER:LP
PD              PDF                     -PRINTER:PD
PS              PostScript      -PRINTER:PS
WP              Windows         -PRINTER:WP

Types LP, HP and PS produce files with the .LIS extension. Types
EH and HT produce .htm file output. Type HT produces
version 2.0 HTML files with the report content inside of PRE tags. Type EH
produces reports in which content is fully formated with version 3.0 or 3.2 HTML tags.
On Windows systems, type WP sends the output to the default Windows
printer. To specify a non-default Windows printer, enter -PRINTER:WP:{Printer Name}.
The {Printer Name} is the name assigned to your printer. For example, to send output
to a Windows printer named NewPrinter, you would use Printer:WP:NewPrinter.
If you have spaces in your printer name, enclose the entire argument in double quotes.
Type PD produces a PDF 1.1 compliant file. When -PRINTER:PD
is used, PRINT-DIRECT, PRINT ...Code, and Print with CODE-PRINTER commands aree
processed but ignored. If you also want to create an .SPF file, use -KEEP.
-RS saves the program in a run-time file. The program is scanned and
checked for correct syntax. Queries are validated. Then, the executable version is
saved in a file with the name program.sqt. Note that ASK variables are not prompted
for after compilation.

-RT uses the run-time file saved with the -RS flag.
All syntax and query checking is skipped and processing begins immediately. Note that
ASK variables are not prompted for after compilation.

-S requests that the status of all cursors be displayed at the end
of the report run. Status includes the text of each SQL statement, number of times
each was compiled and executed, and the total number of rows selected. This information
can be used for debugging SQL statements and enhancing performance and tuning.

-Tnn specifies that you want to test your report for nn pages.
All ORDER BY clauses in SELECT statements are ignored to save time during
testing. If the program is producing more than one report, SQR stops after the
specified number of pages defined for the first report have been output.

-TB (Windows/DB2) -TB trims trailing blanks
from database character columns.
-TZ (Windows/DB2) -TZ trims trailing zeros from
the decimal portion of numeric columns.

-XC (Callable SQR) suppresses the database commit when the report
has finished running.
-XCB (Windows) do not use the communication box. Requests for
input will be made in Windows dialog boxes.
-XI do not allow use interaction during a program run. If an ASK
or INPUT command requires user input then produce an error and exit.
-XL prevents SQR from logging on to the database. Programs run
in this mode cannot contain any SQL statements. -XL lets you run SQR without
accessing the database. You must still supply at least an empty slash (/) on
the command line as a placeholder for the connectivity information
-XLFF prevents SQR from generating a trailing form feed after
the last page has been executed.
-XMB (Windows) disables the error message display so that a
program can be run without interruption by error message boxes. Error messages
will only be sent to an .err file.
-XNAV prevents SQR from creating the 'Navigation Bar' in .HTM files
generated with the -PRINTER:HT. This will occur when only a single .HTM file is
produced. Multiple .HTM files generated from a single report will always contain
the 'Navigation Bar'.
-XTB preserves the trailing blanks in an .LIS file at the end
of a line.
-XTOC prevents SQR from generating the Table Of Contents for
the report. This flag is ignored when either -PRINTER:EH, -PRINTER:HT or
-PRINTER:EP is also specified.
-ZIF sets the full path name of the SQR initialization file,
SQR.INI
-ZIV invokes the SPF Viewer after generating program.spf file.
This flag implicitly invokes the -KEEP flag to create program.spf. In case of
multiple output files, only the first report file will be passed to the Viewer.
-ZMF{file} specifies the full path of the SQR error message file,
sqrerr.dat
-ZRF{file} sets the full path name of an alternate registry.properties
file. The registry.properties file lists data sources that SQR Server can access.
The information in the registry.properties file makes it possible for SQR Server
to access SAP R/3.

Parameters

pars - report parameters for ASK and INPUT commands
@file - file containing report parameters, one per line.

Process Data and Where Do You Set It / Journal Edit Fails for Some Ledger Groups

Set up Financials/ Supply Chain> Business Unit relate>General Ledger, Open Periods> Open Period Update.

Set up Financials/Supply Chain>Business Unit Related> General Ledger> General Ledger Definition Second page…is process date filled in?
change it to a valid date per the detail calendar being used.

When the process tried to used that date as the posting date, it failed edit agains the open periods/calendar set up. The errors received includedNo fiscal year and accounting period is defined in the calendar for the journal date, The journal date is not in an open period of this ledger, Adjustment period is not open.

To explain where Process date gets set refer to chapter 3 of the GL peoplebooks.
On the journal processing options of the General ledger definition page.
Setting up Financials/Supply Chain, Business Unit Related, General Ledger, General Ledger Definition, Second page- Journal processing options. You can define the process date or define it to come from the open period from /and or open period to dates.

Journal Process Date
Specify how processes determine the process date for journals. The Journal Post (GLPPPOST) and Journal Generator (FSPGJGEN) processes and many other general ledger processes support the use of the Process Date option. Valid values are:

Current Date: For general ledger processes that use Process Date in their run controls, select this option to use the date at the time that the batch process runs.

Process Date: Use a date that you specify in the next field for all journals in the batch. The system only permits you to enter a working calendar day. Before you run any processes that use a process date, you can use the Maintain GL BU Process Date (maintain general ledger business process date) process to perform a mass update of the journal process date. You can run this process for an individual business unit, a range of business units, or all business units.

Process Date
Specify a process date.

Journal Date Open To Date
When the journal date is greater than the open to date, choose to either recycle the journal or to change the journal date to the open to date.

Allow Different Unpost Date
Select to enable users to specify an unpost date for a posted journal. This date becomes the journal date for the unpost journal when the original journal is unposted. The unposting journal carries its original journal date in the UNPOST_JRNL_DATE field. The default is not to allow unpost dates. Related journals:

For interunit journals, users cannot change an unpost date if any of the business units are not enabled for this. Otherwise, all journals in the set use the user-specified date.

For suspense correction journals, the system uses the same date as the base journal.

For reversals, the system uses the original journal date unless the period is closed. There is a runtime option for reversal journal date in the event that the origina