887 ipsec+gre+ospf models and licenses
I'm choosing router for brunch office among this models - 887VA-SEC-K9 or 887VA-K9. I want this router to can IPSEC site-to-site, GRE-tunnels and OSPF. I read the datasheet but I haven't understood several things about this model so I can't choose a right model. The datasheet says that default software is Advanced Security Feature Set for all 887 routers which supports IPSEC and GRE. Then I don't understand what are differences between 887VA-SEC-K9 or 887VA-K9? What does the word "SEC" mean? The second things aren't understood - I want the router to support OSPF. The Advanced IP Services can do it but there is two options too - SL-880-AIS and L-SL-800-SEC-K9. What are differences between them?
What should I choose to implement IPSEC-GRE-OSPF among this models and licenses?
The ASR1004 router we can only send packets with a maximum MTU size of 1438 Bytes over the encrypted tunnel.
Similar Messages
-
ASR - IPSEC, GRE, channel group, and MTU Questions
I have an ASR1004 and am trying to load-balance a 1.5G data rate over two 1-Gig ports using IPSEC ports, but I have a few questions.
1. Can GRE support a 9K mtu
2. Can you run IPSEC on a channel-group
3. Can the ASR load-balance per- S&D on a channel-group?
I currently have two separate tunnels, one on each outbound gig link with OSPF running. However, I can't get a 7000 mtu w/ the DF bit set through to the distant end. I am guessing this is because of the GRE interface.
So is it possible to run IPSEC on a channel-group and have this load balance per S&D? I need to use the BW of both ports.
Thanks for the help!The ASR1004 router we can only send packets with a maximum MTU size of 1438 Bytes over the encrypted tunnel.
-
GRE IPSec between Cisco 2811 and FortiGate 110C
Hello,
Does anybody know if it is possible to configure GRE IPSec tunnel between Cisco 2811 router and FortiGate 110C firewall? I know that FortiGate supports IPSec and GRE tunnels, but maybe somebody succeeded in establishing an IPSec GRE between those routers? Could you also give a link to the appropriate documentation if it is possible?Hi,
You can configure the GRE tunnel on the 2811.
I'm aware that you can configure sort of a GRE tunnel on the Fortinet as well, but I have not seen a GRE tunnel between a Cisco and other vendor.
I've only seen GRE tunnels between Cisco devices (however I have not tried it to assure you that it will not work :-()
Federico. -
Remote site redundancy IPSEC VPN between 2911 and ASA
We already have IPSEC VPN connectivity established between sites but would like to introduce some resilience/redundancy at a remote site.
Site A has an ASA with one internet circuit.
Site B has a Cisco 2911 with one internet circuit and we have established site-to-site IPSEC VPN connectivity between the 2911 and the ASA.
Prior to getting the new internet circuit, Site B had a Cisco 877 with an ADSL line which are still available but aren’t currently in use.
The internet circuit at Site B has dropped a few times recently so we would like to make use of the ADSL circuit (and potentially the 877 router too) as a backup.
What is the best way of achieving this?
We thought about running HSRP between the 877 and 2911 routers at Site B and, in the event of a failure of the router or internet circuit, traffic would failover to the 877 and ADSL.
However, how would Site A detect the failure? Can we simply rely on Dead Peer Detection and list the public IP address of the internet circuit at Site B first with the public IP address used on the ADSL line second in the list on the ASA? What would happen in a failover scenario and, just as important, when service was restored – I’m not sure DPD would handle that aspect correctly?
I’ve read briefly elsewhere that GRE might be best to use in this scenario – but I can’t use GRE on the ASA. I have an L3 switch behind the ASA which I may be able to make use of? But I don’t want to disrupt the existing IPSEC VPN connectivity already established between the ASA and the 2911. Can I keep IPSEC between the ASA and 2911 but then run GRE between the L3 switch and the 2911? If so, how would this best be achieved? And how could I also introduce the 877 and ADSL line into things to achieve the neccessary redundancy?
Any help/advice would be appreciated!Hello,
I don't think GRE tunnel that you could set up on the switch behind ASA would be really helpfull. Still site-2-site tunnel you want to establish between ASA and some routers, but still it is ASA which needs to make decision about which peer to connect to.
Possible solution would be to do HSRP between both routers on LAN side and with two independent tunnels/crypto maps (one on each of them). On ASA you would need to set up two hosts in set peer. Problem of this solution is that if one router at side B is going to go down and second ADSL line will take over ASA will not do preempt after you main Internet connection is up again. This would happen after ADSL Internet connection will be down.
Solution to that would be to assign two different public IP addressess on two different interfaces of ASA. Then you attach two crypto maps to both interfaces and by using sla monitor (let's say icmp to main router, if it does not respond then you change routing for remote LAN to second interface) you are selecting which crypto map (with one peer this time) should be used.
I hope what I wrote makes some sense. -
B1 Web Services and license?
hi all,
Does anyone know about B1 Web Services and license?
How does the license calculated?
Meaning that each time user login to B1 Web Services need license same as SAP B1 2007?
Or any user can login as free?
Thank you.
Best Regards,
dannyHi Danny,
here is the license request link and the link provides info about your question:
1. https://websmp202.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000548322&_SCENARIO=01100035870000000183
2.
https://websmp202.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000705857&_SCENARIO=01100035870000000183&_ADDINC=011000358700001192682007E&_OBJECT=011000358700000406422008E
3.FAQ
https://websmp202.sap-ag.de/~sapidb/011000358700001571522005E
you could also read the license guide that can also be downloaded from the link.
Another info from 1st link is ;
* Effective: May 1st 2008
New limited user licenses
Entry-level user remains
Add-On Access User is being replaced by the new Indirect Access User
No changes to the professional user
No changes to 'named user' concept
No changes to the existing CRM Web User, E-Commerce server and existing development tools
New discount model aligned with drive to SAP Business One sweet spot
Existing Professional user price remain
Rgds, -
Hello all,
We are currently looking at the option to use SAP Portal and MS sharepoint. Each ones can be reciprocally producer and consumer. I still have somes questions about connectors and licensing fees.
I estimate I can use WSRP to share web services between them and WEBDAV to share others documents coming from content management. Is that right ?
Is there any additional licensing fees ?
I have the same licensing fees question for using SAP .NET Connector in development use ? and for runtime use ?
Thanks for your feedback
AlainHi Vishal
I guess you are talking about Business Connectors and XI.
If that is the case, the differences are,
SAP XI belongs to SAP Netweaver Technology, whereas BC is an Integration tool provided by Webmethods.
SAP XI is based on a model called "Hub & Spoke" and Business Connectors are "point to point". So by using XI, what happens is that you do not redesign Solutions once again.
With XI you save the entire integration knowledge of a collaborative process centrally in SAP XI: Objects at design time in the Integration Repository and objects at configuration time in the Integration Directory. In this way, SAP Exchange Infrastructure follows the principle of shared collaboration knowledge: You no longer need to search for information about a collaborative process in each of the systems involved, but can call this information centrally instead. This procedure considerably reduces the costs for the development and maintenance of the shared applications.
Also SAP XI comes with pre-configured solutions bundled along with it, so you can straight-away use the solution instead of redesigning.
Also i believe SAP XI is integrated as a required solution for some new mySAP solution like SRM, there are some scenarios within SRM requires SAP XI to be used and we cannot use BC's there.
But incase if you do not have multiple systems connected and communication is between just 2 systems, BC should be sufficient, instead of investing on XI.
But i guess slowly SAP will be stopping its support for BC, as SAP XI can do everything that BC does and even much more.
cheers
Sameer -
Windows Replication RPC Problems with IPSec GRE Tunnel
We have been having significant issue in troubleshooting random RPC errors with our directory controllers (MS AD 2008R2) and our distributed file shares. Both services will randomly stop working, throwing RPC errors as the resulting cause. We have been all over both Cisco and Microsoft forums in trying to troubleshoot this problem. I'm trying to the Cisco forums first to see if anyone has any network layer thoughts as to best practices or ways to configure the tunnel.
Our network is simple: two small branch offices connected to each other with two Cisco 2901 ISRs. An IPSec GRE tunnel exists between both offices. Interoffice bandwidth is approximately 10mbps. Pings between offices work, remote desktop works most of the time, file transfers work, and DNS lookups work across both locations. We really don't have a complicated environment, I'd think it wouldn't be too hard to set up. But this just seems to be escaping me. I can't think of anything at the network layer that would be causing problems but I was curious whether anyone else out there with knowledge of small office VPNs might be able to render some thoughts on the matter.
Please let me know if there is anything further people need to see. My next step is MS forums but I wanted to eliminate layer 3 first.
Tunnel Config:
crypto map outside_crypto 10 ipsec-isakmp
set peer x.x.x.x
set transform-set ESP-AES-SHA
match address 102
crypto ipsec df-bit clear
interface Tunnel0
bandwidth 10240
ip address x.x.x.x x.x.x.x
no ip redirects
ip mtu 1420
ip virtual-reassembly in
zone-member security in-zone
ip tcp adjust-mss 1375
tunnel source GigabitEthernet0/0
tunnel destination x.x.x.x
crypto ipsec df-bit clear
endHi,
Based on the third-party article below, you can setup VPN connection between Windows VPN client and Cisco firewall:
Step By Step Guide To Setup Windows 7/Vista VPN Client to Remote Access Cisco ASA5500 Firewall
What is the Windows server 2008 R2 for, a RADIUS server? If yes, maybe the links below would be helpful to you:
RADIUS: Configuring Client VPN with Windows 2008 Network Policy Server (NPS) RADIUS Authentication
Configuring RADIUS Server on Windows 2008 R2 for Cisco Device Logins
RADIUS authentication for Cisco switches using w2k8R2 NPS
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best regards,
Susie -
SQL Server number of processors limitation and licenses
In the following link by Microsoft they are showing the number of processors one instance of SQL Server is limited to use
Compute Capacity Limits by Edition of SQL Server
And also they are saying:
"These limits apply to a single instance of SQL Server. They represent the maximum compute capacity that a single instance will use. They do not constrain the server upon which the instance may be deployed. In fact deploying multiple instances of SQL
Server on the same physical server is an efficient way to use the compute capacity of a physical server with more sockets and/or cores than the capacity limits below."
My question:
Does this implies that when I licenses the server I licenses all server processors once regardless of the number SQL Server instances installed on that one server.
For example if I have one server that has 32 cores. I have to buy licenses for all 32 cores once with amount X, but I can install as much instances as I want and the amount X will remain X, and it will not be:
X * number of instances installed
... is this true ?Thanks Diramoh...
Just to make sure that you've answered what I've
exactly asked about:
ONLY under [Server+CAL] licensing model: If I paid amount X for license, this amount will NOT defer depending on
the number of SQL Server instances installed on ONE OS.
Example: if I paid 1000$ for licensing a server under
[Server+CAL] licensing model, and I installed 1 instance of SQL Server, those 1000$ will remain 1000$ even if I install another two SQL server instances on the same OS where the 1st is installed.
Under Core-Base licensing model: If I paid amount X for licensing SQL Server on Y number of cores on ONE OSE, then I installed another N number of SQL Server on that same OSE, then the total amount for licensing will be X * N.
Example: if I paid 1000$ for licensing SQL Server Standard under Core-base licensing model on 4 core machine that has MS Windows Server 2008 R2, then I installed another SQL Server Standard edition on that same Windows Server, the total amount of licensing
will be 1000$ * 2 = 2000$
Please confirm the above two points are correct and that that what you meant to say.
Note: The numbers in the examples are just for example :) -
Error in creation of model and version
Hi experts,
While I m trying to create Model and Version SAP demo systems, it is showing me error " Live cache is not availble".
Should I copy a planning version to new or should I contact basis team for that? It is also not allowing me to create new LC connection.
I am attaching screen shots. Please help.Hi All,
BASIS guy have configured Live Cache. We have started live Cache succesfully.
Still facing problem in Version stating that an error occured in Live cache.
Kindly help.
Attaching screen shot below. -
Copy data models and reports from BW 3.1 to NW 2004s
Hi experts,
Our client has two BW servers: BW 3.1 and BI 7. BW 3.1 contains lots of data models and reports. And the BI 7 server is newly installed.
Now we want to copy these data models and reports from BW 3.1 to the new BI 7 server. Are there any solutions for this?
Thank you very much in advance.Hi Frank,
Sounds like a cross version transport is needed.
This is a solution we have used to do what you want to do:-
Create and release a transport as per normal.
Copy and transport the files from the source system (BW 3.1) e.g /usr/sap/trans/data & /usr/sap/trans/cofiles to the same folders on the target system.
Basis help is needed here.
From here onwards using stms_import should help you in the normal manner.
Works a treat.
Have transported the following all correctly appearing as 3.x data models in NW2004s.
DSO objects.
Cubes
Transfer/Update rules
Reports.
Cheers,
Pom -
I have a MacAir, mid 2011 model, and want to view video on my TV. I see that I need a mini display port to Hdmi but there are many of these. What exatly do I need and how does one go about viewing a movie downloaded to the MacAir on a TV screen?
Welcome to Apple Support Communities
That's exactly what you need. A Mini DisplayPort to HDMI adapter and a HDMI cable. See > http://support.apple.com/kb/HT4241?viewlocale=en_US
This is the only way to view a video on the TV. After connecting your MacBook Air to the TV, image on your TV should show immediately. Then, press Command and F1 keys to mirror your MacBook Air display, and open the video -
I have a Power Mac G4 double mirrored model and everytime I shut it off it will not go on when I hit the power on/off button again. However, if I unplug and plug in the power cord it boots fine and everything is OK. The PMU and logic board have been reset. Sometimes my Mac goes on just by pressing the power on button but most times I have to pull the power cord and put it back in. Any ideas or help out there for this? Could it be a failing power supply? Apple Care says that this model is obsolete so there is no help from there. John
<E-mail Edited by Host>Hi John,
That's often a sign of a bsad Capacitor in the Power Supply, but...
Might be time to replace the PRAM Battery, 4 years is close to their lifespan, far less if ever without AC power, & can cause strange startup problems...
http://eshop.macsales.com/item/Newer%20Technology/BAA36VPRAM/ -
Install instructions for Search Modeler and integrating with Apps 11i
Below are all the steps I took for creating integrating Search Modeler with an Oracle E-Business Suite 11.5.10.2 ATG RUP 7 instance called ERNIE.
Much thanks to Oracle Support ( Rajesh Ghosh, Vikas Soolapani and Roger Ford), as this simply wouldn't have been possible without them.
There are a few things in this document that may not be pertinent to your environment if you're doing this. I've made attempts to clarify those possibly optional sections in the documentation.
I've broken the document down into the following multiple parts
o Setting up a new RedHat 4.8 x86 server called ausSEARCHdev (The server is in AUStin, TX, is dedicated to SEARCH, and is for our DEV environment)
o SES (Secure Enterprise Search 10.1.8.2 install
o SES 10.1.8.4 patchset install
o SES CPU patch apply
o Standalone OC4J and ADF installation
o Search Modeler installation and configuration
o Configure ERNIE Apps instance to be on valid self-signed SSL certificate
o Import ERNIE SSL certificate into SES and Search Modeler
using aussearchdev initially
rh4 x86, default oracle build
** htop and collectl are open source free performance monitoring packages we utilize**
--start
install htop and collectl
wget http://dag.wieers.com/rpm/packages/htop/htop-0.7-1.el4.rf.i386.rpm
rpm -ivh htop-0.7-1.el4.rf.i386.rpm
wget http://downloads.sourceforge.net/project/collectl/collectl/collectl-3.4.0-4/collectl-3.4.0-4.noarch.rpm?use_mirror=voxel
rpm -ivh collectl-3.4.0-4.noarch.rpm
chkconfig collectl on
service collectl start
**We still need to install the necessary rpms so that collectl logs are compressed
--end
useradd -u 501 oracle
groupadd -g 504 dba
usermod -G 504 oracle
verification:
[root@aussearchdev ~]# su - oracle
[oracle@aussearchdev ~]$ id
uid=501(oracle) gid=501(oracle) groups=501(oracle),504(dba)
passwd oracle
** /mnt/oraclebackup is a network dumpspot we use to hold Software installs, RPMs, etc
** /mnt/rpms is a network dumpspot we use to hold ISOs for OS software such as Redhat Linux
mkdir /mnt/oraclebackup
mkdir /mnt/rpms
add the following to /etc/fstab
XXXXXXX:/patches/oraclebackup /mnt/oraclebackup nfs defaults,hard,nolock 0 0
XXXXXXX:/esxpress/nfs /mnt/rpms nfs rw,addr=XXX.XXX.XXX.XXX 0 0
mount /mnt/rpms
Next need to install various oracle needed RPMs.
cd /mnt/rpms/rh40_upd8/RedHat/RPMS/
rpm -ivh perl-Compress-Zlib-1.42-1.el4.i386.rpm
rpm -ivh libaio-devel-0.3.105-2.i386.rpm
rpm -ivh sysstat-5.0.5-25.el4.i386.rpm
rpm -ivh unixODBC-devel-2.2.11-1.RHEL4.1.i386.rpm
service collectl restart
cd /tmp
wget http://oss.oracle.com/el4/oracle-validated/oracle-validated-1.0.0-18.el4.i386.rpm
rpm -ivh oracle-validated-1.0.0-18.el4.i386.rpm
Now we should have all the RPMs we need.
cd /etc/sysconfig/oracle-validated
./oracle-validated-verify
cd /var/log/oracle-validated/results
more orakernel.log
uname -a
should return 2.6.9 or higher
rpm -qa|grep gcc-
should return 3.4.3 or higher
rpm -qa|grep glibc
should return 2.3.4-2.9 or higher
rpm -qa|grep make
should return 3.80 or higher
rpm -qa|grep binutils
should return 2.15.92.0.2 or higher
rpm -qa|grep openmotif
should return 2.2.3-9.RHEL4.1 or higher
rpm -qa|grep compat-db
should return 4.1.25-9 or higher
rpm -qa|grep setarch
should return 1.6-1 or higher
cat /proc/sys/kernel/sem
should return 250 32000 100 128 or higher (250 32000 100 142 in our case)
cat /proc/sys/kernel/shmall (1073741824 in our case)
should return 2097152 or higher
cat /proc/sys/kernel/shmmax
should return half the size of physical memory (4294967295 in our case - NO LARGER on 32-bit OS)
cat /proc/sys/kernel/shmmni
should return 4096
cat /proc/sys/fs/file-max
should return 65536 (327679 in our case)
cat /proc/sys/net/ipv4/ip_local_port_range
should return 1024 65000
values in /etc/security/limits.conf set by oracle-validated rpm, no changes necessary
add the following line to /etc/pam.d/login
session required /lib/security/pam_limits.so
add the following to /etc/profile
if [ $USER = "oracle" ]; then
if [ $SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
fi
mkdir -p /d01/oracle
chmod 777 /d01/oracle
init 6 the box (aka reboot)
Time to start the SES 10.1.8.2 installer
running SES 10.1.8.2 installer
as oracle
cd /mnt/oraclebackup/deathstar_patches/SES/SES10182
./runInstaller
search server name sesprod
administrative password XXXXXXXX for dev,
http port 7777
destination path /d01/oracle/10.1.8/sesdev (dev)
data storage path /d01/oracle/sesdevdata (dev)
next
inventory /d01/oracle/oraInventory
dba group
run orainstroot.sh as requested
continue
all tests should pass, continue
finished clean
tried logging in to admin console at http://aussearchdev:7777/search/admin - worked fine
tried bringing up search query at http://aussearchdev:7777/search/query/search - worked fine
Now we need to get to 10.1.8.4 of SES
(yes, you need to keep the system up)
cd /mnt/oraclebackup/deathstar_patches/SES/SES10184/ses_10184pst_linux/
./runInstaller
Destination, choose sesdev
Next
Patchset successful
tried logging in to admin console at http://aussearchdev:7777/search/admin - worked fine
tried bringing up search query at http://aussearchdev:7777/search/query/search - worked fine
Apply CPU Patch to SES
CPU JAN 10 says patch 9119261 is required - but patch requires extended support contract
CPU OCT 09 says patch 8836540 is required - but patch requires extended support contract
CPU JUL 09 says patch 8534394 is required - but patch requires extended support contract
CPU APR 09 says patch 8290534 is required - and you can actually download it
Need opatch from 6880880
cp -r /mnt/oraclebackup/deathstar_patches/SES/CPUAPR09/OPatch $ORACLE_HOME
export PATH=$ORACLE_HOME/OPatch:$PATH
shut down everything
cd $ORACLE_HOME/bin
./searchctl stopall
cd /mnt/oraclebackup/deathstar_patches/SES/CPUAPR09/8290534
opatch apply
cd $ORACLE_HOME/cpu/CPUApr2009
**Note: your sys password is what you set for your administrative password above
sqlplus "sys/XXXXXX" as sysdba;
startup
@catcpu
@?/rdbms/admin/utlrp
shutdown immediate
exit
cd /d01/oracle/10.1.8/sesdev/cpu/view_recompile/
sqlplus "sys/XXXXXXX" as sysdba;
startup upgrade;
@view_recompile_jan2008cpu.sql
@?/rdbms/admin/utlrp
shutdown immediate
cd /d01/oracle/10.1.8/sesdev/jdk/jre/lib/ext
mv mail.jar $HOME/mail.jar.backup02222010
mv mailapi.jar $HOME/mailapi.jar.back02222010
cp /d01/oracle/10.1.8/sesdev/search/lib/mail.jar .
SES 10.1.8.4 is now installed and updated with latest available CPU
tried logging in to admin console at http://aussearchdev:7777/search/admin - worked fine
tried bringing up search query at http://aussearchdev:7777/search/query/search - worked fine
we're going to go with the standalone OC4j 10.1.3.3 and Oracle ADF 10.1.3.3 method
The URLs for these products are
http://blogs.oracle.com/ebssearch/2009/10/available_now_oracle_search_modeler_11_for_oracle_e-business_suite_11i.html
and specifically
OC4J - http://download.oracle.com/otn/java/oc4j/101330/oc4j_extended_101330.zip
ADF - http://www.oracle.com/technology/software/products/jdev/htdocs/adfinstaller10133.html
OC4J install
First you need to have Java 1.5 on the machine. Latest is 1.5.0_22. Package is in /mnt/oraclebackup/deathstar_patches/SES
as root on aussearchdev
cd /usr/local
cp /mnt/oraclebackup/deathstar_patches/SES/jdk-1_5_0_22-linux-i586.bin .
chmod 700 jdk-1_5_0_22-linux-i586.bin
./jdk-1_5_0_22-linux-i586.bin
yes
install OC4J just by copying over the directory
as oracle on aussearchdev
mkdir -p /d01/oracle/oc4j
cd /d01/oracle/oc4j
cp -r /mnt/oraclebackup/deathstar_patches/SES/oc4j/* .
ADF install
vi /mnt/oraclebackup/deathstar_patches/SES/adf/adfinstaller.properties
change the following
OracleHome = /mnt/oraclebackup/deathstar_patches/SES/adf
DesHome = /d01/oracle/oc4j/
type = OC4J
as root
cd /usr/bin
rm java
(yes)
ln -s /usr/local/jdk1.5.0_22/bin/java
su - oracle
java -version should now return 1.5.0_22
export JAVA_HOME=/usr/local/jdk1.5.0_22
cd /mnt/oraclebackup/deathstar_patches/SES/adf
java -jar runinstaller.jar -version
returns The version for the ADF libraries being installed is 10.1.3.41.57 - yes, that is apparently 10.1.3.3.
java -jar runinstaller.jar adfinstaller.properties
output looks good, do not be concerned by
WARNING: 'Could not delete: /d01/oracle/oc4j/BC4J/redist/bc4j' whilst deleting bc4j application
WARNING: 'Could not delete: /d01/oracle/oc4j/BC4J/redist/datatags' whilst deleting datatags application
as it was trying to delete the old version that didn't exist
Start OC4J
as oracle on aussearchdev
export JAVA_HOME=/usr/local/jdk1.5.0_22
export ORACLE_HOME=/d01/oracle/oc4j
cd $ORACLE_HOME/bin
./oc4j -start
you will be prompted for password - we're setting it. use XXXXXXXXXX
after it's up, kill it (ctrl-c) and restart it with
nohup ./oc4j -start &
last lines in nohup.out is
Starting OC4J from /d01/oracle/oc4j/j2ee/home ...
10/02/23 03:22:38 Oracle Containers for J2EE 10g (10.1.3.3.0) initialized
So now on to search modeler installation, going by Installation steps in Note 781366.1
8326128 - This is not a patch to be applied to the Apps, keep reading
as oracle on aussearchdev
cd /mnt/oraclebackup/deathstar_patches/SES/8326128
mkdir -p /d01/oracle/oc4j/uploaded
vi build.properties, changing
installation.type=OC4J
oracle.home=/d01/oracle/oc4j
deploy.server=aussearchdev.domainname.com
deploy.port=23791
web.port=7777
password=XXXXXXXXX
extra.classpath=/d01/oracle/oc4j/uploaded
now set the following environment values in your ssh session
export ORACLE_HOME=/d01/oracle/oc4j
export JAVA_HOME=/usr/local/jdk1.5.0_22
export PATH=$ORACLE_HOME/ant/bin:$ORACLE_HOME/bin:$PATH
ant main
whole bunch of stuff to screen, errors due to undeploy something that doesn't exist. Finished after a minute with
BUILD SUCCESSFUL
Total time: 58 seconds
Now on to post install steps
restart OC4j
cd $ORACLE_HOME/bin
./modeler.sh -shutdown -port 23791 -password r*l*r*0*
export ORACLE_HOME=/d01/oracle/oc4j
export JAVA_HOME=/usr/local/jdk1.5.0_22
export PATH=$ORACLE_HOME/ant/bin:$ORACLE_HOME/bin:$PATH
nohup ./modeler.sh -start &
end of nohup.out should show
Starting OC4J from /d01/oracle/oc4j/j2ee/home ...
Try going to http://aussearchdev:8888/modeler/faces/ModelerHome.jsp
Should get login screen, but wait, we haven't installed Oracle Apps interface yet...
Next let's do the Apps side of things
Going by note 953378.1
Using ERNIE (a development instance of E-Business Suite running 11.5.10.2 ATG RUP 7)
as applmgr on ausernieapp (ausernieapp is our app tier)
shut down apps services
apps patch 8225631
verify all the pre-req patches are in ERNIE
select * from ad_bugs where bug_number = '5903765';
select * from ad_bugs where bug_number = '6372396';
select * from ad_bugs where bug_number = '3219567';
select * from ad_bugs where bug_number = '3264822';
select * from ad_bugs where bug_number = '3261254';
select * from ad_bugs where bug_number = '5161676';
select * from ad_bugs where bug_number = '3036401';
select * from ad_bugs where bug_number = '3263588';
select * from ad_bugs where bug_number = '3264818';
select * from ad_bugs where bug_number = '3218526';
select * from ad_bugs where bug_number = '3263645';
select * from ad_bugs where bug_number = '4206794';
select * from ad_bugs where bug_number = '3262486';
select * from ad_bugs where bug_number = '3261243';
select * from ad_bugs where bug_number = '2614213';
select * from ad_bugs where bug_number = '3262159';
select * from ad_bugs where bug_number = '2819091';
select * from ad_bugs where bug_number = '3412795';
patch went in smooth
Log in to ERNIE Apps GUI as sysadmin user responsibility
Give users such as sysadmin FND Search Crawler responsibility
Go to system profile options, set
set FND: Search Enabling Flag to Y at site level
as applmgr on ausernieapp
cd /d01/oracle/ernieappl/fnd/11.5.0/patch/115/sql
sqlplus apps/$APPS_PWD @AFSRCHCF
Enter SES endpoint URL [e.g. http://ap637atg.us.oracle.com:7780]: http://aussearchdev.domainname.com:7777
Enter Apps Admin username [e.g. sysadmin]: sysadmin
Enter Apps Admin password: sysadmin_password
Enter SES Admin username [e.g. eqsys]: eqsys
Enter SES Admin password: eqsyspassword <-- This is the same as sys's password
on aussearchdev as oracle
had to kill modeler and start all the processes, so
kill -9 the modeler oc4j process, then
cd $ORACLE_HOME/bin
./searchctl startall
enter the password when prompted
in IE browser go to
http://aussearchdev.domainname.com:7777/search/admin
log in with eqsys password
global settings tab
identity management setup
click circle next to oracle.search.plugin.security.identity.ebs.EBS12IdentityPliginMgr
(yes, we're going with 12 even though we use Oracle Apps 11i)
http end point https://ausernieapp.domainname.com:8443/webservices/AppSearch/SecurityService
username sysadmin
password XXXXXXX
finish
Global Settings
Federation Trusted Entitites
####entity name sysadmin
####Entity Password XXXXXXXX
According to web conference with Oracle, this should NOT be eqsys but instead be sysadmin from above.
Select the Use Entity Plug-in for authentication check box
add
Trying to go to http://aussearchdev.domainname.com:7777/search/query/search and login (sysadmin / password)
stop midtier on both SES and Apps
cd $ORACLE_HOME/bin
./searchctl stopall
./adstpall.sh apps/$APPS_PWD on EBS app tier
start midtier on both SES and Apps
cd $ORACLE_HOME/bin
./searchctl startall
./adstrtal.sh apps/$APPS_PWD on EBS app tier
Now try and log in to Oracle SES user interface to verify the configuration
http://aussearchdev.domainname.com:7777/search/query
Now start up modeler again
export JAVA_HOME=/usr/local/jdk1.5.0_22
export ORACLE_HOME=/d01/oracle/oc4j
export PATH=$ORACLE_HOME/bin:$PATH
cd $ORACLE_HOME/bin
nohup ./modeler.sh -start &
Works now.
Now go to http://aussearchdev.domainname.com:8888/modeleradmin/AdminHome.jsp log in as oc4jadmin/XXXXXXX
Configure new target
Target Type 11i
Description ERNIE
Name ERNIE
EBS Database Host Name auserniedb
EBS Database Port 1521
EBS Database SID ERNIE
username apps
password XXXXXXXXx
oc4jadmin XXXXXXXx
export JAVA_HOME=/usr/local/jdk1.5.0_22
export ORACLE_HOME=/d01/oracle/oc4j
export PATH=$ORACLE_HOME/bin:$PATH
cd $ORACLE_HOME/j2ee/home
java -jar admin_client.jar deployer:oc4j:aussearchdev oc4jadmin XXXXXXXXX -addDataSourceConnectionPool -name "ERNIE2-pool" -factoryClass "oracle.jdbc.pool.OracleDataSource" -dbUser "apps" -dbPassword "XXXXXXX" -url "jdbc:oracle:thin:@auserniedb.domainname.com:1521:ERNIE" -applicationName appsearch
java -jar admin_client.jar deployer:oc4j:aussearchdev oc4jadmin XXXXXXX -addManagedDataSource -name "ERNIEDS" -jndiLocation "jdbc/ERNIEDS" -connectionPoolName "ERNIE2-pool" -applicationName appsearch
http://aussearchdev.domainname.com:8888/modeler/faces/ModelerHome.jsp
So, creating a self signed SSL certificate for ERNIE EBS instance (this will not work if you use an SSL certificate for another server like say, PROD)
doing this on ausernieapp
openssl genrsa -des3 -out ausernieapp.key 1024
PEM key is ausernieapp
openssl req -new -key ausernieapp.key -out ausernieapp.csr
PEM key is ausernieapp
Country US
State Texas
Locality Austin
Organization Name Corporation
Organizational Unit Name Information Technology
Common Name ausernieapp.domainname.com
Email address [email protected]
No challenge password
No optional company name
Now let's remove the passphrase from the key
cp ausernieapp.key ausernieapp.key.orig
openssl rsa -in ausernieapp.key.orig -out ausernieapp.key
Now let's generate a self-signed certificate
openssl x509 -req -days 1000 -in ausernieapp.csr -signkey ausernieapp.key -out ausernieapp.crt
Install the private key and certificate
cd $IAS_ORACLE_HOME/Apache/Apache/conf/ssl.crt
cp server.crt server.crt.backup.03102010
chown applmgr:applmgr server.crt.backup.03102010
cp $HOME/ausernieapp.crt /d01/oracle/ernieora/new/iAS/Apache/Apache/conf/ssl.crt/server.crt
cd $IAS_ORACLE_HOME/Apache/Apache/conf/ssl.key/
cp server.key server.key.backup.03102010
cp $HOME/ausernieapp.key /d01/oracle/ernieora/new/iAS/Apache/Apache/conf/ssl.key/server.key
chown applmgr:applmgr server.key.backup.03102010
bounce apache as applmgr
cd /d01/oracle/erniecomn/admin/scripts/ERNIE_ausernieapp
./adapcctl.sh stop
./adapcctl.sh start
In IE
https://ausernieapp.domainname.com:8443
Continue
Click on Certificate Error next to URL bar
Install Certificate -> Next-> Place all certificates in the following store -> trusted root certificate authorities ->finish
close browser, back to https://ausernieapp.domainname.com:8443
no errors,
Next step will be to import key into the SES and Search modelers
as oracle on aussearchdev
cd /d01/oracle/10.1.8/sesdev/jdk/jre/lib/security/
cp cacerts cacerts.backup.03102010
scp root@ausernieapp:/root/ausernieapp.crt .
export LANG=c
export PATH=$ORACLE_HOME/jdk/bin:$PATH
keytool -keystore ./cacerts -storepass changeit -alias rootausernieapp -import -trustcacerts -file ausernieapp.crt
--output
Owner: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Issuer: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Serial number: b4e92089cf73076f
Valid from: Wed Mar 10 13:22:38 CST 2010 until: Tue Dec 04 13:22:38 CST 2012
Certificate fingerprints:
MD5: 2C:6B:EE:1A:63:6D:XX:A6:05:90:F6:XX:DD:88:F7:80
SHA1: F8:DC:E5:2A:3E:68:XX:E1:EA:E4:75:AE:CC:4F:4A:10:2F:8A:FE:9B
Trust this certificate? [no]: yes
Certificate was added to keystore
Now load our cert
keytool -keystore ./cacerts -import -trustcacerts -file ausernieapp.crt
keytool -list -v -keystore ./cacerts now shows
Alias name: rootausernieapp
Creation date: Mar 10, 2010
Entry type: trustedCertEntry
Owner: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Issuer: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Serial number: b4e92089cf73076f
Valid from: Wed Mar 10 13:22:38 CST 2010 until: Tue Dec 04 13:22:38 CST 2012
Certificate fingerprints:
MD5: 2C:6B:EE:1A:63:6D:CB:XX:05:90:F6:78:DD:88:F7:80
SHA1: F8:DC:E5:2A:3E:68:9C:CE:EA:4E:75:AE:CC:FA:9E:10:2F:8A:FE:9B
Now we need to load it into the search modeler keystore
as root on aussearchdev
export JAVA_HOME=/usr/local/jdk1.5.0_22/
export PATH=$JAVA_HOME/bin:$PATH
cd /usr/local/jdk1.5.0_22/jre/lib/security/
scp root@ausernieapp:/root/ausernieapp.crt .
output
keytool -keystore ./cacerts -import -trustcacerts -file ausernieapp.crt
Enter keystore password: changeit
Owner: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Issuer: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Serial number: b4e92089cf73076f
Valid from: Wed Mar 10 13:22:38 CST 2010 until: Tue Dec 04 13:22:38 CST 2012
Certificate fingerprints:
MD5: 2C:6B:EE:1A:63:6D:CB:A1:05:90:F6:78:DD:88:F7:80
SHA1: F8:DC:E5:2A:3E:68:9C:CE:EA:4E:75:AE:CC:4F:9E:10:2F:8A:FE:9B
Trust this certificate? [no]: yes
Certificate was added to keystore
[root@aussearchdev security]#
output
For troubleshooting, if you go to end of /d01/oracle/10.1.8/sesdev/search/data/config/crawler.dat
you can modify the logLevel from the default of 4 to 2 to get better debug data. No services need to be restarted, it will become active with the next crawl.
While talking with Oracle, they mentioned the following patches
The patches identified 8321527 and 7586924 are SES patches to help with indexing
They also identified patch 9103851 which is an apps patch dealing with responsibilities <-- This is not yet available
Applying patch 7586924
as oracle on aussearchdev
cd $ORACLE_HOME/bin
./searchctl stopall
cd /mnt/oraclebackup/deathstar_patches/SES/post_patches/7586924
opatch apply
cd $ORACLE_HOME/bin
./searchctl startall
sqlplus eqsys/XXXXXX@SESDEV
define SCH_NAME=EQSYS
define PROXY_USER=EQPROXY
define INST_USER=EQ_TEST
@$ORACLE_HOME/search/admin/eq0pkh.sql
@$ORACLE_HOME/search/admin/eq0plb.sql
@$ORACLE_HOME/search/admin/eq0bug_7586924.sql
cd $ORACLE_HOME/search/data/config/
cp crawler.dat crawler.dat.backup.03102010
vi crawler.dat
We're using the Oracle E-Business Suite R12 crawler, so we will add the line
USE_IN_MEMORY_QUEUE Oracle E-Business Suite R12
as the line immediately preceding IMPORT -
so the end of the file looks like this:
# system properies: separated by space for multiple system properties or define multiple SYSTEM_PROPERTIES
# logLevel values: DEBUG(2), INFO(4), WARN(6), ERROR(8), FATAL(10)
SYSTEM_PROPERTIES -Doracle.search.logLevel=4 -Doracle.search.log=oracle.search.util.Log4jImpl
USE_IN_MEMORY_QUEUE Oracle E-Business Suite R12
IMPORT -
Now on to patch 8321527
cd /mnt/oraclebackup/deathstar_patches/SES/post_patches/8321527
cd $ORACLE_HOME/bin
./searchctl stopall
cd -
opatch apply
cd $ORACLE_HOME/bin
./searchctl startall
sqlplus eqsys/XXXXXXX@SESDEV
define SCH_NAME=EQSYS
define PROXY_USER=EQPROXY
select object_name from user_objects where status = 'INVALID';
--should be no rows selected
@$ORACLE_HOME/search/admin/eq0pkh.sql
@$ORACLE_HOME/search/admin/eq0plb.sql
--should be no rows selected
restart SES
cd -
./searchctl stopall
./searchctl startallBelow are all the steps I took for creating integrating Search Modeler with an Oracle E-Business Suite 11.5.10.2 ATG RUP 7 instance called ERNIE.
Much thanks to Oracle Support ( Rajesh Ghosh, Vikas Soolapani and Roger Ford), as this simply wouldn't have been possible without them.
There are a few things in this document that may not be pertinent to your environment if you're doing this. I've made attempts to clarify those possibly optional sections in the documentation.
I've broken the document down into the following multiple parts
o Setting up a new RedHat 4.8 x86 server called ausSEARCHdev (The server is in AUStin, TX, is dedicated to SEARCH, and is for our DEV environment)
o SES (Secure Enterprise Search 10.1.8.2 install
o SES 10.1.8.4 patchset install
o SES CPU patch apply
o Standalone OC4J and ADF installation
o Search Modeler installation and configuration
o Configure ERNIE Apps instance to be on valid self-signed SSL certificate
o Import ERNIE SSL certificate into SES and Search Modeler
using aussearchdev initially
rh4 x86, default oracle build
** htop and collectl are open source free performance monitoring packages we utilize**
--start
install htop and collectl
wget http://dag.wieers.com/rpm/packages/htop/htop-0.7-1.el4.rf.i386.rpm
rpm -ivh htop-0.7-1.el4.rf.i386.rpm
wget http://downloads.sourceforge.net/project/collectl/collectl/collectl-3.4.0-4/collectl-3.4.0-4.noarch.rpm?use_mirror=voxel
rpm -ivh collectl-3.4.0-4.noarch.rpm
chkconfig collectl on
service collectl start
**We still need to install the necessary rpms so that collectl logs are compressed
--end
useradd -u 501 oracle
groupadd -g 504 dba
usermod -G 504 oracle
verification:
[root@aussearchdev ~]# su - oracle
[oracle@aussearchdev ~]$ id
uid=501(oracle) gid=501(oracle) groups=501(oracle),504(dba)
passwd oracle
** /mnt/oraclebackup is a network dumpspot we use to hold Software installs, RPMs, etc
** /mnt/rpms is a network dumpspot we use to hold ISOs for OS software such as Redhat Linux
mkdir /mnt/oraclebackup
mkdir /mnt/rpms
add the following to /etc/fstab
XXXXXXX:/patches/oraclebackup /mnt/oraclebackup nfs defaults,hard,nolock 0 0
XXXXXXX:/esxpress/nfs /mnt/rpms nfs rw,addr=XXX.XXX.XXX.XXX 0 0
mount /mnt/rpms
Next need to install various oracle needed RPMs.
cd /mnt/rpms/rh40_upd8/RedHat/RPMS/
rpm -ivh perl-Compress-Zlib-1.42-1.el4.i386.rpm
rpm -ivh libaio-devel-0.3.105-2.i386.rpm
rpm -ivh sysstat-5.0.5-25.el4.i386.rpm
rpm -ivh unixODBC-devel-2.2.11-1.RHEL4.1.i386.rpm
service collectl restart
cd /tmp
wget http://oss.oracle.com/el4/oracle-validated/oracle-validated-1.0.0-18.el4.i386.rpm
rpm -ivh oracle-validated-1.0.0-18.el4.i386.rpm
Now we should have all the RPMs we need.
cd /etc/sysconfig/oracle-validated
./oracle-validated-verify
cd /var/log/oracle-validated/results
more orakernel.log
uname -a
should return 2.6.9 or higher
rpm -qa|grep gcc-
should return 3.4.3 or higher
rpm -qa|grep glibc
should return 2.3.4-2.9 or higher
rpm -qa|grep make
should return 3.80 or higher
rpm -qa|grep binutils
should return 2.15.92.0.2 or higher
rpm -qa|grep openmotif
should return 2.2.3-9.RHEL4.1 or higher
rpm -qa|grep compat-db
should return 4.1.25-9 or higher
rpm -qa|grep setarch
should return 1.6-1 or higher
cat /proc/sys/kernel/sem
should return 250 32000 100 128 or higher (250 32000 100 142 in our case)
cat /proc/sys/kernel/shmall (1073741824 in our case)
should return 2097152 or higher
cat /proc/sys/kernel/shmmax
should return half the size of physical memory (4294967295 in our case - NO LARGER on 32-bit OS)
cat /proc/sys/kernel/shmmni
should return 4096
cat /proc/sys/fs/file-max
should return 65536 (327679 in our case)
cat /proc/sys/net/ipv4/ip_local_port_range
should return 1024 65000
values in /etc/security/limits.conf set by oracle-validated rpm, no changes necessary
add the following line to /etc/pam.d/login
session required /lib/security/pam_limits.so
add the following to /etc/profile
if [ $USER = "oracle" ]; then
if [ $SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
fi
mkdir -p /d01/oracle
chmod 777 /d01/oracle
init 6 the box (aka reboot)
Time to start the SES 10.1.8.2 installer
running SES 10.1.8.2 installer
as oracle
cd /mnt/oraclebackup/deathstar_patches/SES/SES10182
./runInstaller
search server name sesprod
administrative password XXXXXXXX for dev,
http port 7777
destination path /d01/oracle/10.1.8/sesdev (dev)
data storage path /d01/oracle/sesdevdata (dev)
next
inventory /d01/oracle/oraInventory
dba group
run orainstroot.sh as requested
continue
all tests should pass, continue
finished clean
tried logging in to admin console at http://aussearchdev:7777/search/admin - worked fine
tried bringing up search query at http://aussearchdev:7777/search/query/search - worked fine
Now we need to get to 10.1.8.4 of SES
(yes, you need to keep the system up)
cd /mnt/oraclebackup/deathstar_patches/SES/SES10184/ses_10184pst_linux/
./runInstaller
Destination, choose sesdev
Next
Patchset successful
tried logging in to admin console at http://aussearchdev:7777/search/admin - worked fine
tried bringing up search query at http://aussearchdev:7777/search/query/search - worked fine
Apply CPU Patch to SES
CPU JAN 10 says patch 9119261 is required - but patch requires extended support contract
CPU OCT 09 says patch 8836540 is required - but patch requires extended support contract
CPU JUL 09 says patch 8534394 is required - but patch requires extended support contract
CPU APR 09 says patch 8290534 is required - and you can actually download it
Need opatch from 6880880
cp -r /mnt/oraclebackup/deathstar_patches/SES/CPUAPR09/OPatch $ORACLE_HOME
export PATH=$ORACLE_HOME/OPatch:$PATH
shut down everything
cd $ORACLE_HOME/bin
./searchctl stopall
cd /mnt/oraclebackup/deathstar_patches/SES/CPUAPR09/8290534
opatch apply
cd $ORACLE_HOME/cpu/CPUApr2009
**Note: your sys password is what you set for your administrative password above
sqlplus "sys/XXXXXX" as sysdba;
startup
@catcpu
@?/rdbms/admin/utlrp
shutdown immediate
exit
cd /d01/oracle/10.1.8/sesdev/cpu/view_recompile/
sqlplus "sys/XXXXXXX" as sysdba;
startup upgrade;
@view_recompile_jan2008cpu.sql
@?/rdbms/admin/utlrp
shutdown immediate
cd /d01/oracle/10.1.8/sesdev/jdk/jre/lib/ext
mv mail.jar $HOME/mail.jar.backup02222010
mv mailapi.jar $HOME/mailapi.jar.back02222010
cp /d01/oracle/10.1.8/sesdev/search/lib/mail.jar .
SES 10.1.8.4 is now installed and updated with latest available CPU
tried logging in to admin console at http://aussearchdev:7777/search/admin - worked fine
tried bringing up search query at http://aussearchdev:7777/search/query/search - worked fine
we're going to go with the standalone OC4j 10.1.3.3 and Oracle ADF 10.1.3.3 method
The URLs for these products are
http://blogs.oracle.com/ebssearch/2009/10/available_now_oracle_search_modeler_11_for_oracle_e-business_suite_11i.html
and specifically
OC4J - http://download.oracle.com/otn/java/oc4j/101330/oc4j_extended_101330.zip
ADF - http://www.oracle.com/technology/software/products/jdev/htdocs/adfinstaller10133.html
OC4J install
First you need to have Java 1.5 on the machine. Latest is 1.5.0_22. Package is in /mnt/oraclebackup/deathstar_patches/SES
as root on aussearchdev
cd /usr/local
cp /mnt/oraclebackup/deathstar_patches/SES/jdk-1_5_0_22-linux-i586.bin .
chmod 700 jdk-1_5_0_22-linux-i586.bin
./jdk-1_5_0_22-linux-i586.bin
yes
install OC4J just by copying over the directory
as oracle on aussearchdev
mkdir -p /d01/oracle/oc4j
cd /d01/oracle/oc4j
cp -r /mnt/oraclebackup/deathstar_patches/SES/oc4j/* .
ADF install
vi /mnt/oraclebackup/deathstar_patches/SES/adf/adfinstaller.properties
change the following
OracleHome = /mnt/oraclebackup/deathstar_patches/SES/adf
DesHome = /d01/oracle/oc4j/
type = OC4J
as root
cd /usr/bin
rm java
(yes)
ln -s /usr/local/jdk1.5.0_22/bin/java
su - oracle
java -version should now return 1.5.0_22
export JAVA_HOME=/usr/local/jdk1.5.0_22
cd /mnt/oraclebackup/deathstar_patches/SES/adf
java -jar runinstaller.jar -version
returns The version for the ADF libraries being installed is 10.1.3.41.57 - yes, that is apparently 10.1.3.3.
java -jar runinstaller.jar adfinstaller.properties
output looks good, do not be concerned by
WARNING: 'Could not delete: /d01/oracle/oc4j/BC4J/redist/bc4j' whilst deleting bc4j application
WARNING: 'Could not delete: /d01/oracle/oc4j/BC4J/redist/datatags' whilst deleting datatags application
as it was trying to delete the old version that didn't exist
Start OC4J
as oracle on aussearchdev
export JAVA_HOME=/usr/local/jdk1.5.0_22
export ORACLE_HOME=/d01/oracle/oc4j
cd $ORACLE_HOME/bin
./oc4j -start
you will be prompted for password - we're setting it. use XXXXXXXXXX
after it's up, kill it (ctrl-c) and restart it with
nohup ./oc4j -start &
last lines in nohup.out is
Starting OC4J from /d01/oracle/oc4j/j2ee/home ...
10/02/23 03:22:38 Oracle Containers for J2EE 10g (10.1.3.3.0) initialized
So now on to search modeler installation, going by Installation steps in Note 781366.1
8326128 - This is not a patch to be applied to the Apps, keep reading
as oracle on aussearchdev
cd /mnt/oraclebackup/deathstar_patches/SES/8326128
mkdir -p /d01/oracle/oc4j/uploaded
vi build.properties, changing
installation.type=OC4J
oracle.home=/d01/oracle/oc4j
deploy.server=aussearchdev.domainname.com
deploy.port=23791
web.port=7777
password=XXXXXXXXX
extra.classpath=/d01/oracle/oc4j/uploaded
now set the following environment values in your ssh session
export ORACLE_HOME=/d01/oracle/oc4j
export JAVA_HOME=/usr/local/jdk1.5.0_22
export PATH=$ORACLE_HOME/ant/bin:$ORACLE_HOME/bin:$PATH
ant main
whole bunch of stuff to screen, errors due to undeploy something that doesn't exist. Finished after a minute with
BUILD SUCCESSFUL
Total time: 58 seconds
Now on to post install steps
restart OC4j
cd $ORACLE_HOME/bin
./modeler.sh -shutdown -port 23791 -password r*l*r*0*
export ORACLE_HOME=/d01/oracle/oc4j
export JAVA_HOME=/usr/local/jdk1.5.0_22
export PATH=$ORACLE_HOME/ant/bin:$ORACLE_HOME/bin:$PATH
nohup ./modeler.sh -start &
end of nohup.out should show
Starting OC4J from /d01/oracle/oc4j/j2ee/home ...
Try going to http://aussearchdev:8888/modeler/faces/ModelerHome.jsp
Should get login screen, but wait, we haven't installed Oracle Apps interface yet...
Next let's do the Apps side of things
Going by note 953378.1
Using ERNIE (a development instance of E-Business Suite running 11.5.10.2 ATG RUP 7)
as applmgr on ausernieapp (ausernieapp is our app tier)
shut down apps services
apps patch 8225631
verify all the pre-req patches are in ERNIE
select * from ad_bugs where bug_number = '5903765';
select * from ad_bugs where bug_number = '6372396';
select * from ad_bugs where bug_number = '3219567';
select * from ad_bugs where bug_number = '3264822';
select * from ad_bugs where bug_number = '3261254';
select * from ad_bugs where bug_number = '5161676';
select * from ad_bugs where bug_number = '3036401';
select * from ad_bugs where bug_number = '3263588';
select * from ad_bugs where bug_number = '3264818';
select * from ad_bugs where bug_number = '3218526';
select * from ad_bugs where bug_number = '3263645';
select * from ad_bugs where bug_number = '4206794';
select * from ad_bugs where bug_number = '3262486';
select * from ad_bugs where bug_number = '3261243';
select * from ad_bugs where bug_number = '2614213';
select * from ad_bugs where bug_number = '3262159';
select * from ad_bugs where bug_number = '2819091';
select * from ad_bugs where bug_number = '3412795';
patch went in smooth
Log in to ERNIE Apps GUI as sysadmin user responsibility
Give users such as sysadmin FND Search Crawler responsibility
Go to system profile options, set
set FND: Search Enabling Flag to Y at site level
as applmgr on ausernieapp
cd /d01/oracle/ernieappl/fnd/11.5.0/patch/115/sql
sqlplus apps/$APPS_PWD @AFSRCHCF
Enter SES endpoint URL [e.g. http://ap637atg.us.oracle.com:7780]: http://aussearchdev.domainname.com:7777
Enter Apps Admin username [e.g. sysadmin]: sysadmin
Enter Apps Admin password: sysadmin_password
Enter SES Admin username [e.g. eqsys]: eqsys
Enter SES Admin password: eqsyspassword <-- This is the same as sys's password
on aussearchdev as oracle
had to kill modeler and start all the processes, so
kill -9 the modeler oc4j process, then
cd $ORACLE_HOME/bin
./searchctl startall
enter the password when prompted
in IE browser go to
http://aussearchdev.domainname.com:7777/search/admin
log in with eqsys password
global settings tab
identity management setup
click circle next to oracle.search.plugin.security.identity.ebs.EBS12IdentityPliginMgr
(yes, we're going with 12 even though we use Oracle Apps 11i)
http end point https://ausernieapp.domainname.com:8443/webservices/AppSearch/SecurityService
username sysadmin
password XXXXXXX
finish
Global Settings
Federation Trusted Entitites
####entity name sysadmin
####Entity Password XXXXXXXX
According to web conference with Oracle, this should NOT be eqsys but instead be sysadmin from above.
Select the Use Entity Plug-in for authentication check box
add
Trying to go to http://aussearchdev.domainname.com:7777/search/query/search and login (sysadmin / password)
stop midtier on both SES and Apps
cd $ORACLE_HOME/bin
./searchctl stopall
./adstpall.sh apps/$APPS_PWD on EBS app tier
start midtier on both SES and Apps
cd $ORACLE_HOME/bin
./searchctl startall
./adstrtal.sh apps/$APPS_PWD on EBS app tier
Now try and log in to Oracle SES user interface to verify the configuration
http://aussearchdev.domainname.com:7777/search/query
Now start up modeler again
export JAVA_HOME=/usr/local/jdk1.5.0_22
export ORACLE_HOME=/d01/oracle/oc4j
export PATH=$ORACLE_HOME/bin:$PATH
cd $ORACLE_HOME/bin
nohup ./modeler.sh -start &
Works now.
Now go to http://aussearchdev.domainname.com:8888/modeleradmin/AdminHome.jsp log in as oc4jadmin/XXXXXXX
Configure new target
Target Type 11i
Description ERNIE
Name ERNIE
EBS Database Host Name auserniedb
EBS Database Port 1521
EBS Database SID ERNIE
username apps
password XXXXXXXXx
oc4jadmin XXXXXXXx
export JAVA_HOME=/usr/local/jdk1.5.0_22
export ORACLE_HOME=/d01/oracle/oc4j
export PATH=$ORACLE_HOME/bin:$PATH
cd $ORACLE_HOME/j2ee/home
java -jar admin_client.jar deployer:oc4j:aussearchdev oc4jadmin XXXXXXXXX -addDataSourceConnectionPool -name "ERNIE2-pool" -factoryClass "oracle.jdbc.pool.OracleDataSource" -dbUser "apps" -dbPassword "XXXXXXX" -url "jdbc:oracle:thin:@auserniedb.domainname.com:1521:ERNIE" -applicationName appsearch
java -jar admin_client.jar deployer:oc4j:aussearchdev oc4jadmin XXXXXXX -addManagedDataSource -name "ERNIEDS" -jndiLocation "jdbc/ERNIEDS" -connectionPoolName "ERNIE2-pool" -applicationName appsearch
http://aussearchdev.domainname.com:8888/modeler/faces/ModelerHome.jsp
So, creating a self signed SSL certificate for ERNIE EBS instance (this will not work if you use an SSL certificate for another server like say, PROD)
doing this on ausernieapp
openssl genrsa -des3 -out ausernieapp.key 1024
PEM key is ausernieapp
openssl req -new -key ausernieapp.key -out ausernieapp.csr
PEM key is ausernieapp
Country US
State Texas
Locality Austin
Organization Name Corporation
Organizational Unit Name Information Technology
Common Name ausernieapp.domainname.com
Email address [email protected]
No challenge password
No optional company name
Now let's remove the passphrase from the key
cp ausernieapp.key ausernieapp.key.orig
openssl rsa -in ausernieapp.key.orig -out ausernieapp.key
Now let's generate a self-signed certificate
openssl x509 -req -days 1000 -in ausernieapp.csr -signkey ausernieapp.key -out ausernieapp.crt
Install the private key and certificate
cd $IAS_ORACLE_HOME/Apache/Apache/conf/ssl.crt
cp server.crt server.crt.backup.03102010
chown applmgr:applmgr server.crt.backup.03102010
cp $HOME/ausernieapp.crt /d01/oracle/ernieora/new/iAS/Apache/Apache/conf/ssl.crt/server.crt
cd $IAS_ORACLE_HOME/Apache/Apache/conf/ssl.key/
cp server.key server.key.backup.03102010
cp $HOME/ausernieapp.key /d01/oracle/ernieora/new/iAS/Apache/Apache/conf/ssl.key/server.key
chown applmgr:applmgr server.key.backup.03102010
bounce apache as applmgr
cd /d01/oracle/erniecomn/admin/scripts/ERNIE_ausernieapp
./adapcctl.sh stop
./adapcctl.sh start
In IE
https://ausernieapp.domainname.com:8443
Continue
Click on Certificate Error next to URL bar
Install Certificate -> Next-> Place all certificates in the following store -> trusted root certificate authorities ->finish
close browser, back to https://ausernieapp.domainname.com:8443
no errors,
Next step will be to import key into the SES and Search modelers
as oracle on aussearchdev
cd /d01/oracle/10.1.8/sesdev/jdk/jre/lib/security/
cp cacerts cacerts.backup.03102010
scp root@ausernieapp:/root/ausernieapp.crt .
export LANG=c
export PATH=$ORACLE_HOME/jdk/bin:$PATH
keytool -keystore ./cacerts -storepass changeit -alias rootausernieapp -import -trustcacerts -file ausernieapp.crt
--output
Owner: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Issuer: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Serial number: b4e92089cf73076f
Valid from: Wed Mar 10 13:22:38 CST 2010 until: Tue Dec 04 13:22:38 CST 2012
Certificate fingerprints:
MD5: 2C:6B:EE:1A:63:6D:XX:A6:05:90:F6:XX:DD:88:F7:80
SHA1: F8:DC:E5:2A:3E:68:XX:E1:EA:E4:75:AE:CC:4F:4A:10:2F:8A:FE:9B
Trust this certificate? [no]: yes
Certificate was added to keystore
Now load our cert
keytool -keystore ./cacerts -import -trustcacerts -file ausernieapp.crt
keytool -list -v -keystore ./cacerts now shows
Alias name: rootausernieapp
Creation date: Mar 10, 2010
Entry type: trustedCertEntry
Owner: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Issuer: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Serial number: b4e92089cf73076f
Valid from: Wed Mar 10 13:22:38 CST 2010 until: Tue Dec 04 13:22:38 CST 2012
Certificate fingerprints:
MD5: 2C:6B:EE:1A:63:6D:CB:XX:05:90:F6:78:DD:88:F7:80
SHA1: F8:DC:E5:2A:3E:68:9C:CE:EA:4E:75:AE:CC:FA:9E:10:2F:8A:FE:9B
Now we need to load it into the search modeler keystore
as root on aussearchdev
export JAVA_HOME=/usr/local/jdk1.5.0_22/
export PATH=$JAVA_HOME/bin:$PATH
cd /usr/local/jdk1.5.0_22/jre/lib/security/
scp root@ausernieapp:/root/ausernieapp.crt .
output
keytool -keystore ./cacerts -import -trustcacerts -file ausernieapp.crt
Enter keystore password: changeit
Owner: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Issuer: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Serial number: b4e92089cf73076f
Valid from: Wed Mar 10 13:22:38 CST 2010 until: Tue Dec 04 13:22:38 CST 2012
Certificate fingerprints:
MD5: 2C:6B:EE:1A:63:6D:CB:A1:05:90:F6:78:DD:88:F7:80
SHA1: F8:DC:E5:2A:3E:68:9C:CE:EA:4E:75:AE:CC:4F:9E:10:2F:8A:FE:9B
Trust this certificate? [no]: yes
Certificate was added to keystore
[root@aussearchdev security]#
output
For troubleshooting, if you go to end of /d01/oracle/10.1.8/sesdev/search/data/config/crawler.dat
you can modify the logLevel from the default of 4 to 2 to get better debug data. No services need to be restarted, it will become active with the next crawl.
While talking with Oracle, they mentioned the following patches
The patches identified 8321527 and 7586924 are SES patches to help with indexing
They also identified patch 9103851 which is an apps patch dealing with responsibilities <-- This is not yet available
Applying patch 7586924
as oracle on aussearchdev
cd $ORACLE_HOME/bin
./searchctl stopall
cd /mnt/oraclebackup/deathstar_patches/SES/post_patches/7586924
opatch apply
cd $ORACLE_HOME/bin
./searchctl startall
sqlplus eqsys/XXXXXX@SESDEV
define SCH_NAME=EQSYS
define PROXY_USER=EQPROXY
define INST_USER=EQ_TEST
@$ORACLE_HOME/search/admin/eq0pkh.sql
@$ORACLE_HOME/search/admin/eq0plb.sql
@$ORACLE_HOME/search/admin/eq0bug_7586924.sql
cd $ORACLE_HOME/search/data/config/
cp crawler.dat crawler.dat.backup.03102010
vi crawler.dat
We're using the Oracle E-Business Suite R12 crawler, so we will add the line
USE_IN_MEMORY_QUEUE Oracle E-Business Suite R12
as the line immediately preceding IMPORT -
so the end of the file looks like this:
# system properies: separated by space for multiple system properties or define multiple SYSTEM_PROPERTIES
# logLevel values: DEBUG(2), INFO(4), WARN(6), ERROR(8), FATAL(10)
SYSTEM_PROPERTIES -Doracle.search.logLevel=4 -Doracle.search.log=oracle.search.util.Log4jImpl
USE_IN_MEMORY_QUEUE Oracle E-Business Suite R12
IMPORT -
Now on to patch 8321527
cd /mnt/oraclebackup/deathstar_patches/SES/post_patches/8321527
cd $ORACLE_HOME/bin
./searchctl stopall
cd -
opatch apply
cd $ORACLE_HOME/bin
./searchctl startall
sqlplus eqsys/XXXXXXX@SESDEV
define SCH_NAME=EQSYS
define PROXY_USER=EQPROXY
select object_name from user_objects where status = 'INVALID';
--should be no rows selected
@$ORACLE_HOME/search/admin/eq0pkh.sql
@$ORACLE_HOME/search/admin/eq0plb.sql
--should be no rows selected
restart SES
cd -
./searchctl stopall
./searchctl startall -
<p>Hi, I have made changes to EIS model and metaoutline, now i needto import XML file. Is there any sequence rule? Do i need to importEIS model first and then only metaoutline or i can do it viceversa?</p>
<p>I have a big problem with the import of XML file.</p><p>The import do ok, but the drill doesnt work!! The Load data itsok, the problem is in the drill !!!</p><p>When i try to use my report on add-in excel, the cell is marked( using style) as a cell that have LRO, but the drill doesntwork, i receive a message that ocurred a error with theintersection choosed!</p><p>But when i run the original Metaoutline, everithing it isok!</p><p>Any idea??</p><p> </p>
-
I have two Creative Cloud accounts, occurred by accident, I wish to merge them and have all my details and licenses under one account, how do I do that?
This is due to the different changes Adobe has gone through and unfortunately I used different emails at certain times.Under one Adobe ID you can have one CC only,if by accident you have purchased two CC under one account, it needs to be cancelled & refunded, please contact Adobe Support at
http://adobe.ly/yxj0t6
Regards
Rajshree
Maybe you are looking for
-
Satellite A30-504 - maximum size HDD - will 160GB work?
Hi guys, I've a good old A30-504, and the 40GB HDD died a few days ago... I had to buy a new one but the smallest one I can get is 120GB or 160GB. (Samsung HM121HC or HM160HC) will it work in my laptop or should I choose a 40-80GB second-hand one? re
-
Upgrading from 4.2 to 5.1 Performance Issues
Hi All, We are finally upgrading from 4.2 to 5.1. Both our 4.2 and 5.1 servers are identical, however, we are noticing major performance issues in one of our applications that contains 7 account hierarchies and 4 entity hierarchies. Creating a simple
-
Reverting Mavericks RecoveryHD partition back to the original OS version shipped
Hi all, I'm trying to piece together various bits of information acquired through forums, web searches, etc. in the hopes of understanding the end result a bit better. I currently have Mavericks installed in a VM - default system OS is still Mountain
-
Can't Use SQL Server Management Studio
Hello, all. I'm having trouble with SSMS in SQL Server 2014. I was using it just the other day for my database class, and today when I tried using it, SSMS opened, but the login window didn't appear. It isn't hidden behind any other windows that I ca
-
Wrong Service time zone in Service rule: How to correct/modify it ?
I dont know why but even with all our hardware on timezone UTC+1 Paris, i'm having some of the EBS related generic services which were automaticaly setuped with wrong time zones (some UTC+0 and some UTC+2). I intended to correct it in the screen "Edi