ACL in 11g
Hello all,
I am trying to send email from PL/SQL as I have always done, using utl_smtp, however, on 11g I am now getting:
ERROR at line 1:
ORA-20100: OLD_ERR=ORA-24247: network access denied by access control list
(ACL)
The system is SusE:
Linux wtsuse 2.6.22.5-31-default #1 SMP 2007/09/21 22:29:00 UTC x86_64 x86_64 x86_64 GNU/Linux
I have tried following the instructions for the new ACL in Oracle 11:
as SYSTEM:
BEGIN
dbms_network_acl_admin.create_acl (acl => 'plj.xml',
description => 'Network permissions for abc.com',
principal => 'ABC',
is_grant => TRUE,
privilege => 'connect');
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'abc.xml',
principal => 'ABC',
is_grant => TRUE,
privilege => 'resolve');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => 'abc.xml',
host => 'mail.abc.net');
END;
commit;
But this does not help.
Same error when trying to send mail as ABC using UTL_SMTP.
Can send mail (using postfix) from the linux command line, no problem.
What do I need to do? It is not at all clear from the doc.
I notice that Oracle refers to a directory /sys/acls where an xml file is stored with the same name (abc.xml)
However, on SuSE this directory does not exist by default
Does Oracle create the XML file? and if so, where is the default location on SuSE - or should I create the directory? and if so as who (oracle?)
Any help will be greatly appreciated.
Paul
The Oracle 11g Upgrade manual describes it as follows (http://download.oracle.com/docs/cd/B28359_01/server.111/b28300/afterup.htm#BABFCBJI)
Configure Fine-Grained Access to External Network Services
Oracle Database 11g Release 1 (11.1) includes fine-grained access control to the UTL_TCP, UTL_SMTP, UTL_MAIL, UTL_HTTP, or UTL_INADDR
packages using Oracle XML DB. If you have applications that use one of these packages, you must install Oracle XML DB if it is not already
installed. You must also configure network access control lists (ACLs) in the database before these packages can work as they did in
prior releases.
The following example first looks for any ACL currently assigned to host_name. If one is found, then the example grants user_name the
CONNECT privilege in the ACL only if that user does not already have it. If no ACL exists for host_name, then the example creates a
new ACL called ACL_name, grants the CONNECT privilege to user_name, and assigns the ACL to host_name.
DECLARE
acl_path VARCHAR2(4000);
BEGIN
SELECT acl INTO acl_path FROM dba_network_acls
WHERE host = 'host_name' AND lower_port IS NULL AND upper_port IS NULL;
IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(acl_path,
'user_name','connect') IS NULL THEN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl_path,
'user_name', TRUE, 'connect');
END IF;
EXCEPTION
WHEN no_data_found THEN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('ACL_name.xml',
'ACL description', 'user_name', TRUE, 'connect');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('ACL_name.xml','host_name');
END;
COMMIT;
Note:
The transaction must be committed for the changes to take effect.
Edited by: Marco Gralike on Oct 17, 2008 10:09 PM
Similar Messages
-
Problems setting up ACL in 11g
Hello,
we recently updated from 10g to 11g. In our db we have a job, which calls a procedure, which checks if all mails from our application have been sent probably, if not it sends out a mail via a different mail server to admins, so they can check what the issue was.
This worked fine in 10g. In 11g I've learned I need to set up the ACL to be able to connect to the mail Server. This is what I've done:
Since the job, mentioned above is running for user sys i set up the ACL for the user sys.
begin
if dbms_db_version.ver_le_10_2 then
null;
else
begin
dbms_network_acl_admin.drop_acl(
acl => 'apex-network.xml'
exception
when others then null;
end;
dbms_network_acl_admin.create_acl(
acl => 'apex-network.xml',
description => 'Network-Connects for system check',
principal => 'SYS',
is_grant => true,
privilege => 'connect'
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
acl => 'apex-network.xml',
principal => 'SYS',
is_grant => true,
privilege => 'resolve'
dbms_network_acl_admin.assign_acl(
acl => 'apex-lcmcc-network.xml',
host => '123.456.78.99'
end if;
end;
show error
commit;
The statement completed successfully. And i checked if the access is granted with the following statement:
SELECT
FROM
user_network_acl_privileges,
TABLE(DBMS_NETWORK_ACL_UTILITY.DOMAINS('123.456.78.99'))
ORDER BY
DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL(column_value) desc,
lower_port,
upper_port;
I see now for the configured host and all subdomains user sys has the privillege resolve and connect granted.
When i run the procedure, which should sent the mails i still get the error ORA-24247: network access denied by access control list (ACL).
Here is the relevant code from the procedure:
BEGIN
c := UTL_SMTP.OPEN_CONNECTION('123.456.78.99');
UTL_SMTP.HELO(c, 'xxx.de');
UTL_SMTP.MAIL(c, '[email protected]');
UTL_SMTP.RCPT(c, p_rcpt);
UTL_SMTP.OPEN_DATA(c);
send_header('From', p_from);
send_header('To', p_rcpt);
send_header('Subject', p_subject);
UTL_SMTP.WRITE_DATA(c, UTL_TCP.CRLF||p_message );
UTL_SMTP.CLOSE_DATA(c);
UTL_SMTP.QUIT(c);
EXCEPTION
WHEN utl_smtp.transient_error OR utl_smtp.permanent_error THEN
BEGIN
UTL_SMTP.QUIT(c);
EXCEPTION
WHEN UTL_SMTP.TRANSIENT_ERROR OR UTL_SMTP.PERMANENT_ERROR THEN
NULL; -- When the SMTP server is down or unavailable, we don't have
-- a connection to the server. The QUIT call will raise an
-- exception that we can ignore.
END;
raise_application_error(-20000,
'Failed to send mail due to the following error: ' || sqlerrm);
END;
Please forgive me if i miss out important information you need to assist me in this endavor, i will try to deliver them shortly.
Any sugesstions are much apreciated.
Thanks in advance.>Since the job, mentioned above is running for user sys i set up the ACL for the user sys.
SYS schema is reserved for Oracle maintenance & upgrades.
You should NEVER make or modify objects within the SYS schema. -
Hi ,
I am executing the below script as SYS user
dbms_network_acl_admin.create_acl
acl => 'utl_mail.xml'
,description => 'email Access'
,principal =>'PUBLIC'
,is_grant => TRUE
,privilege =>'connect'
,start_date => NULL
,end_date => NULL
And i am getting the below error
*ERROR at line 1: ORA-31003: Parent /sys/acls/ already contains child entry utl_mail.xml ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 252
But there is no entry in DBA_NETWORK_ACLS that corresponds to utl_mail.xml , but there is an entry for lie the following
/sys/acls/mail_access.xml
i am not able to get around this issue , help needed
I am on Oracle 11gHi,
Raunaq wrote:
Q1: will it not effect my work if i change it to utl_mail_new.xml?
Q2:Does it have something to do with utl_mail. package installed on my DB?
A1: in my opinion no, you will not have any impact.
A2: please see OTN form: https://forums.oracle.com/thread/1019669?start=0&tstart=0
Thank you -
I migrated a server + data + APEX application from 10g to 11g. Now my email sending is all messed up because of the ACL in 11g. I can't seem to figure out how to appease it. I have the smtp server correctly set in the parameters. Here is the procedure I'm trying to use (from http://www.morganslibrary.org/reference/pkgs/utl_smtp.html):
CREATE OR REPLACE PROCEDURE send_email(
pFromUser IN VARCHAR2,
pToUser IN VARCHAR2,
pSubject IN VARCHAR2 DEFAULT NULL,
pBody IN VARCHAR2 DEFAULT NULL)
IS
conn UTL_SMTP.CONNECTION;
crlf VARCHAR2(2) := CHR(13) || CHR(10);
EmailServer VARCHAR2(60) := 'mail.mt.net';
mesg VARCHAR2(4000) := 'Hello World';
pwd VARCHAR2(200) := '{substituted}';
SenderAddress VARCHAR2(200) := '{substituted}';
SenderName VARCHAR2(50) := 'Blair Christensen';
pToList VARCHAR2(4000);
vToReceivers VARCHAR2(200);
uname VARCHAR2(200);
BEGIN
conn:= utl_smtp.open_connection(EmailServer, 587);
utl_smtp.ehlo(conn, EmailServer);
--utl_smtp.helo( conn, EmailServer );
utl_smtp.command(conn, 'AUTH LOGIN');
utl_smtp.command(conn, utl_raw.cast_to_varchar2(
utl_encode.base64_encode( utl_raw.cast_to_raw(uname))));
utl_smtp.command(conn, utl_raw.cast_to_varchar2(
utl_encode.base64_encode( utl_raw.cast_to_raw(pwd))));
utl_smtp.mail(conn, SenderAddress);
utl_smtp.rcpt(conn, pToList);
mesg:= 'Date: '|| TO_CHAR(SYSDATE, 'DD MON RR HH24:MI:SS' )|| crlf ||
'From: "' || SenderName || '" ' || SenderAddress || crlf ||
'Subject: ' || pSubject || crlf ||
'To: '|| pToList || crlf||
pBody || crlf || crlf;
utl_smtp.data(conn, mesg);
utl_smtp.quit(conn);
EXCEPTION
WHEN OTHERS THEN
RAISE_APPLICATION_ERROR(-20001,SQLERRM);
END;
/When I call it, I get the following error:
Error starting at line 1 in command:
exec send_email('--','--','Test','Test email')
Error report:
ORA-20001: ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "APPS.SEND_EMAIL", line 40
ORA-06512: at line 1Can anyone help me?
To Oracle: Why isn't there a nice graphical tool to help administer this?Can someone please list out the syntax or packages necessary for USE with the DBMS_NETWORK_ACL_ADMIN package to enable email via UTL_SMTP and UTL_MAIL. THAT is the piece I can't find ANYWHERE.
http://docs.oracle.com/cd/E14072_01/appdev.112/e10577/d_networkacl_adm.htm
Is a great document for describing the DBMS_NETWORK_ACL_ADMIN package, but I don't have any idea how to apply THIS
BEGIN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(acl => 'www.xml',
description => 'WWW ACL',
principal => 'SCOTT',
is_grant => true,
privilege => 'connect');
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'www.xml',
principal => 'SCOTT',
is_grant => true,
privilege => 'resolve');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => 'www.xml',
host => 'www.us.oracle.com');
END;
COMMIT;to setting up email! What does 'www.xml' represent? What do I need to substitute to apply it for use with UTL_MAIL and UTL_SMTP? THAT's the part that ISN'T documented and makes this whole process so frustrating! -
Network ACLs topics after upgrade to 11g.
Hi Group
On my pre script upgrade from 10.2.0.4 to 11.1.0.7, a message appear on the final part of the log:
WARNING: --> Database contains schemas with objects dependent on network
packages.
.... Refer to the 11g Upgrade Guide for instructions to configure Network ACLs.
.... USER USR_COMP has dependent objects.
.... USER USR_DEV has dependent objects.
Really I don't know what to do on this issue.
I've read the instructions and I have executed the following but I'm not sure it be right procedure:
BEGIN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('netacl.xml',
'Allow usage to the UTL network packages', 'USR_COMP', TRUE, 'connect');
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('netacl.xml' ,'USR_COMP', TRUE, 'resolve');
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('netacl.xml' ,'USR_DEV', TRUE, 'connect');
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('netacl.xml' ,'USR_DEV', TRUE, 'resolve');
-- Specify which hosts this ACL applies to,
-- for simplicity, we're saying all (*)
-- You might want to specify certain hosts to lock this down.
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('netacl.xml','*');
END;
How can I validate that both users now have the correct privileges from the old version?
Thanks in advanceHi,
Refer thread:
11g Upgrade - Network ACL
Hope helps :)
thanks,
X A H E E R -
Oracle 11g XE not working with oracle BI publisher 10g after enabling ACL
Hello,
I previously work with oracle 10gXE and Oracle BI publisher 10g and it work fine. now i install oracle 11g XE and try to configure it with oracle Bi Publlisher, it show this error
"ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1324 ORA-12570: TNS:packet reader failure" after runing the ACL package to neable network service.
on the database.
Please can any body tell be why this is not working. Tanx.You'll need to add the apex engine owner to the ACL (Access Control List). Depending on your version of apex the user name varies. i.e. 4.0 is APEX_040000
See Joel's blog for info about the ACL and APEX.
[http://joelkallman.blogspot.com/2010/10/application-express-network-acls-and.html] -
Assign ACL Error in Oracle 11g R1
Hi,
I am Using Oracle 11g Database Release 1 I have created a ACL in my Database, now I am trying to assign the acl using the below mentioned pl/sql script
begin
dbms_network_acl_admin.assign_acl (
acl => 'utlpkg.xml',
host => 'domainnet.com',
lower_port => 1,
upper_port => 10000);
end;
commit;
Error is
Error at line 1
ORA-01403: no data found
ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 477
ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 410
ORA-06512: at line 2
The same Script I have run in another database it is working fine…
I don’t know what is wrong ….
Please advice ….
Thank You
SHANPlease, have a look to the following metalink note
Ora-1403 When Trying to Create a Network Access Control List*
Doc ID: 854083.1*
Note, Only one ACL can be assigned to any host computer, domain, or IP subnet, and if specified, the TCP port range - from the doc here
http://download.oracle.com/docs/cd/B28359_01/appdev.111/b28419/d_networkacl_adm.htm#BABDIGJC
Furthermore, it looks like your host variable is a domain name, did you try to use a wildcard i.e. *.domainnet.com or give the exact host name ?
Nicolas. -
I want to upgrade my oracle 10g database to 11g. the utlui112.sql script shows following -
WARNING: --> Database contains schemas with objects dependent on network packages.
.... Refer to the Upgrade Guide for instructions to configure Network ACLs.
.... USER MDMSYS has dependent objects.
According to documentation , it is not clear whether I need to install XML DB before upgrade or after upgrade to 11g.
I run the following query and result is as follows -
SQL >SELECT * FROM DBA_DEPENDENCIES WHERE referenced_name IN ('UTL_TCP','UTL_SMTP','UTL_MAIL','UTL_HTTP','UTL_INADDR')
AND owner NOT IN ('SYS','PUBLIC','ORDPLUGINS');
OWNER NAME TYPE REFERENCED_OWNER REFERENCED_NAME REFERENCED_TYPE
REFERENCED_LINK_NAME DEPE
MDMSYS MDM_JOB PACKAGE BODY PUBLIC UTL_TCP SYNONYM
HARD
MDMSYS MDM_JOB PACKAGE BODY MDMSYS UTL_TCP NON-EXISTENT
Can someone plaease help on how I can configure the network ACLs?Hi ,
You can grant to a network and not necessary to grant each machines IP details.
Also this has to be granted to users or the principal is the schema who will be executing this utl_smtp.
If there are multiple users, then you need to grant access to each user.
You need to configure below steps to grant access to the user for utl operations.
This is a new security feature to 11g.
Please review below document :
Oracle® Database Security Guide
11g Release 1 (11.1)
Part Number B28531-06
4 Configuring Privilege and Role Authorization
Managing Fine-Grained Access to External Network Services
URL : http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/authorization.htm#CIHDAJDJ
A example of the setting:
=================
If you are creating the ACL for the first time, you can directly go to step (d).
Please replace the values in < > with your environment values.
a. Drop the user privilege:(please run the below for all the users who are granted connect privilege).
BEGIN
DBMS_NETWORK_ACL_ADMIN.delete_privilege (
acl => '<mailserver_acl.xml>',
principal => '<MYUSER>',
is_grant => FALSE,
privilege => 'connect');
COMMIT;
END;
b. Unassign the network details from ACL (The ip address are only example, please replace with the
values you have specified)
BEGIN
DBMS_NETWORK_ACL_ADMIN.unassign_acl (
acl => '<mailserver_acl.xml>',
host => '<192.168.2.3>',
lower_port => <25>,
upper_port => <25>);
COMMIT;
END;
c. Drop the ACL
BEGIN
DBMS_NETWORK_ACL_ADMIN.drop_acl (
acl => '<mailserver_acl.xml>');
COMMIT;
END;
d. Create the acl again fresh:
BEGIN
DBMS_NETWORK_ACL_ADMIN.create_acl (
acl => 'mailserver_acl.xml',
description => 'Mailserver ACL',
principal => '<MYUSER>',
is_grant => TRUE,
privilege => 'connect',
start_date => SYSTIMESTAMP,
end_date => NULL);
COMMIT;
END;
e. Assign the acl to the network:(please have the ip address modified to correct IP of the machine where this utl package is targetted run.)
for example IP/hostname of mail server should be there for UTL_SMTP to execute.
BEGIN
DBMS_NETWORK_ACL_ADMIN.assign_acl (
acl => 'mailserver_acl.xml',
host => '<192.168.2.3>',
lower_port => <25>,
upper_port => <25>);
COMMIT;
END;
f.Test the package.
Thanks,
Sathya -
ACL error when sending email from Oracle 11g
Hi,
It returned something like "error...ACL security" when I tried to send email from Oracle 11g. Is there any security thing that I need to release in Oracle 11g? I used to send emails from Oracle 10g and didn't find any problem.
Thanks.
AndyIn Database 11g Oracle introduced Network Access Control Lists (ACLs) to protect the database from users using the many internet-capable packages such as UTL_INADDR, UTL_HTTP, UTL_TCP, etc.
Read all about it in the docs and look at the code demos here:
http://www.morganslibrary.org/library.html
under DBMS_NETWORK_ACL_... -
Best way to avoid requirement for network ACL after upgrade to 11g
Hi All,
After upgrade from 10g to 11g, I found Network ACLs required to make code using SYS.UTL_SMTP to work. Otherwise there is an error: ORA-24247: network access denied by access control list (ACL).
Do you know an elegant way to get rid of ACLs? I mean to open the network for all user's code, like it was on 10g, instead of checking what is actually needing it and doing specific ACLs for users. Database parameter disabling ACL restrictions seems natural option here, but it looks like Oracle not introduced such.
Kind Regards,
ArtzawI don't know of a way to disable ACLs, no. I'd imagine that there probably is a hidden parameter that Oracle Support could direct you to. I'm hard-pressed to imagine why you'd really want to disable that functionality, though.
You can create an ACL that allows access to an arbitrary host on an arbitrary port (host => '*.*.*.*' and with NULL lower_port and upper_port values).
Justin -
Need help in utl_smtp and utl_tcp in 11g and ACL files
Hi,
Recnetly we migrated from 10g to 11g. The thing is I couldnnt able to get access on utl_smtp and utl_tcp packages. And I am getting the following errors.
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 246
ORA-06512: at "SYS.UTL_SMTP", line 115
ORA-06512: at "SYS.UTL_SMTP", line 138
ORA-06512: at "USWU48216.SEND_MAIL", line 19
ORA-06512: at line 1
After getting the above error I tried to configure ACL with below command, again its throwing error.
exec dbms_network_acl_admin.add_privilege(acl => 'ACL_name.xml', principal => 'xxx', is_grant => TRUE, privilege => 'connect');
ORA-31001: Invalid resource handle or path name "/sys/acls/ACL_name.xml"
ORA-06512: at "SYS.DBMS_SYS_ERROR", line 86
ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 247
ORA-06512: at line 1
Any ideas, please..
Edited by: user6476691 on Nov 9, 2008 12:03 AMSathish,
Thats a good webstie.
I created an xml file. After that, when I was trying to
begin
dbms_network_acl_admin.add_privilege (
acl => 'utlpkg.xml',
principal => 'xxx123',
is_grant => TRUE,
privilege => 'connect',
start_date => null,
end_date => null);
end;
I am getting tthe following error....
ORA-31001: Invalid resource handle or path name "/sy
ORA-06512: at "SYS.DBMS_SYS_ERROR", line 86
ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 79
ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 401
ORA-06512: at line 2
Any inputs ??? plz....
Edited by: user6476691 on Nov 9, 2008 7:48 PM -
11g R1 upgrade issues - ACL, XDB, java ...
Hi all
just a general FYI for anyone who's interested.
After hitting and working around bug #9078101 we had this obtuse message:
ORA29516: Aurora assertion failure: Assertion failure at jol.c:1119
JOL assertion failure: jol.c:1119 Not Cafe Babe
The fix was to drop and reload the java class being called. :P This isn't in MOS, as far as i can tell.
10.2.0.4 to 11.1.0.7 EE upgrade on HPUX 11.23.Check the following metalink notes.
Note: 308377.1 - Ora-01031: Insufficient Privileges While Using Dbua During Upgrade, it might be applicable to your issue
Note: 1030426.6 - How to Clean Up Duplicate Objects Owned by SYS and SYSTEM Schema -
I have a .jspx page that renders taskflows as dynamic regions. When I execute this exception is what I get.
WARNING: [ComponentRule]{faces-config/component} Merge(oracle.adf.Table)
<Aug 13, 2009 11:39:47 AM IST> <Warning> <HTTP> <BEA-101162> <User defined listener com.sun.faces.config.ConfigureListener failed: java.lang.IllegalAccessError: tried to access method oracle.adf.controller.v2.lifecycle.Lifecycle$Phase.<init>(Ljava/lang/String;)V from class oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase.
java.lang.IllegalAccessError: tried to access method oracle.adf.controller.v2.lifecycle.Lifecycle$Phase.<init>(Ljava/lang/String;)V from class oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase
at oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase.<init>(JSFLifecycle.java:22)
at oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle.<clinit>(JSFLifecycle.java:40)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.<init>(ADFPhaseListener.java:241)
at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.<init>(ADFLifecyclePhaseListener.java:26)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
Truncated. see log file for complete stacktrace
>
<Aug 13, 2009 11:39:47 AM IST> <Warning> <HTTP> <BEA-101162> <User defined listener oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack failed: java.lang.NullPointerException.
java.lang.NullPointerException
at oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack.contextDestroyed(ADFConfigLifeCycleCallBack.java:122)
at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:482)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.EventsManager.notifyContextDestroyedEvent(EventsManager.java:200)
Truncated. see log file for complete stacktrace
>
Aug 13, 2009 11:39:47 AM oracle.mds.internal.lcm.logging.MDSLCMLogger log
INFO: MBean: oracle.mds.lcm:name=MDSAppRuntime,type=MDSAppRuntime,Application=UI deregistered
Aug 13, 2009 11:39:47 AM oracle.adf.share.weblogic.listeners.ADFApplicationLifecycleListener postStop
INFO: ADFApplicationLifecycleListener.postStop
Aug 13, 2009 11:39:47 AM oracle.adf.share.config.ADFConfigFactory cleanUpApplicationState
INFO: Cleaning up application state
<Aug 13, 2009 11:39:47 AM IST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1250143764562' for task '2'. Error is: 'weblogic.application.ModuleException: '
weblogic.application.ModuleException:
at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1376)
at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:452)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:204)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:60)
Truncated. see log file for complete stacktrace
java.lang.IllegalAccessError: tried to access method oracle.adf.controller.v2.lifecycle.Lifecycle$Phase.<init>(Ljava/lang/String;)V from class oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase
at oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase.<init>(JSFLifecycle.java:22)
at oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle.<clinit>(JSFLifecycle.java:40)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.<init>(ADFPhaseListener.java:241)
at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.<init>(ADFLifecyclePhaseListener.java:26)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
Truncated. see log file for complete stacktrace
>
<Aug 13, 2009 11:39:47 AM IST> <Error> <Deployer> <BEA-149202> <Encountered an exception while attempting to commit the 1 task for the application 'UI'.>
<Aug 13, 2009 11:39:47 AM IST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'UI'.>
<Aug 13, 2009 11:39:47 AM IST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
weblogic.application.ModuleException:
at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1376)
at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:452)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:204)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:60)
Truncated. see log file for complete stacktrace
java.lang.IllegalAccessError: tried to access method oracle.adf.controller.v2.lifecycle.Lifecycle$Phase.<init>(Ljava/lang/String;)V from class oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase
at oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase.<init>(JSFLifecycle.java:22)
at oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle.<clinit>(JSFLifecycle.java:40)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.<init>(ADFPhaseListener.java:241)
at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.<init>(ADFLifecyclePhaseListener.java:26)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
Truncated. see log file for complete stacktrace
>
[11:39:47 AM] Weblogic Server Exception: weblogic.application.ModuleException:
[11:39:47 AM] Caused by: java.lang.IllegalAccessError: tried to access method oracle.adf.controller.v2.lifecycle.Lifecycle$Phase.<init>(Ljava/lang/String;)V from class oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase
[11:39:47 AM] See server logs or server console for more details.
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed[11:39:47 AM] #### Deployment incomplete. ####
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:341)
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployImpl(Jsr88RemoteDeployer.java:235)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdeveloper.deploy.common.BatchDeployer.deployImpl(BatchDeployer.java:82)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:442)
at oracle.jdeveloper.deploy.DeploymentManager.deploy(DeploymentManager.java:209)
at oracle.jdevimpl.runner.adrs.AdrsStarter$6$1.run(AdrsStarter.java:1469)
Caused by: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.redeployApplications(Jsr88DeploymentHelper.java:627)
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:315)
... 11 more
Caused by: oracle.jdeveloper.deploy.DeployException: Deployment Failed
at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.redeployApplications(Jsr88DeploymentHelper.java:608)
... 12 more
#### Cannot run application UI due to error deploying to DefaultServer.
[Application UI stopped and undeployed from Server Instance DefaultServer]I was facing a similar error, the problem was because of adf-controller.jar. My error was :
java.lang.IllegalAccessError: tried to access method oracle.adf.controller.v2.lifecycle.Lifecycle$Phase.<init>(Ljava/lang/String;)V from class oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase
The jar's 10g edition has (1st part)oracle.adf.controller.v2.lifecycle.Lifecycle$Phase and 11g edition has (2nd part) oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase. So I created my own jar extracting both jars at one place using the following command
jar -cf adf-controller.jar .
This solved my problem.
Hope you get the idea. The best way to face these type of errors is opening the archive and checking for the files for which the compiler is complaining. -
Error in starting BI Scheduler service in OBIEE 11g
Hello All,
I am working on OBIEE 11g. When I am trying to start up services by login into Enterprise Manager it is giving following error to start Bi Schedulers i.e. coreapplication_obisch1.
Module: oracle.bi.management.sysmancommon
Message: Error in starting component: oracle instance: instance1, component: coreapplication_obisch1
Supplemental Detail:
oracle.bi.management.adminservices.opmn.ProcessControlException: Operation Failed: start; OracleInstance: instance1; Component: coreapplication_obisch1; msg: 0 of 1 processes started.
at oracle.bi.management.adminservices.opmn.OpmnProcessController.start(OpmnProcessController.java:145)
at oracle.bi.management.adminservices.model.impl.ProcessManagerProxyImpl.start(ProcessManagerProxyImpl.java:62)
at oracle.bi.management.adminservices.mbeans.impl.BIComponentMBeanImpl.start(BIComponentMBeanImpl.java:172)
at oracle.bi.management.adminservices.mbeans.impl.BIComponentMBeanImpl.start(BIComponentMBeanImpl.java:157)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.doInvoke(OracleStandardEmitterMBean.java:1012)
at oracle.adf.mbean.share.AdfMBeanInterceptor.internalInvoke(AdfMBeanInterceptor.java:104)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.internalInvoke(AbstractMBeanSecurityInterceptor.java:190)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor$2.run(JpsJmxInterceptor.java:358)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor.internalInvoke(JpsJmxInterceptor.java:374)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.as.jmx.framework.generic.spi.interceptors.ContextClassLoaderMBeanInterceptor.internalInvoke(ContextClassLoaderMBeanInterceptor.java:103)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.as.jmx.framework.generic.spi.interceptors.MBeanRestartInterceptor.internalInvoke(MBeanRestartInterceptor.java:116)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.as.jmx.framework.generic.spi.interceptors.LoggingMBeanInterceptor.internalInvoke(LoggingMBeanInterceptor.java:524)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.invoke(OracleStandardEmitterMBean.java:924)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
at weblogic.management.mbeanservers.domainruntime.internal.FederatedMBeanServerInterceptor.invoke(FederatedMBeanServerInterceptor.java:349)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:263)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.SecurityMBeanMgmtOpsInterceptor.invoke(SecurityMBeanMgmtOpsInterceptor.java:65)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1367)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
at javax.management.remote.rmi.RMIConnectionImpl_1035_WLStub.invoke(Unknown Source)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
at weblogic.management.remote.wlx.ClientProvider$WLXMBeanServerConnectionWrapper.invoke(ClientProvider.java:291)
at weblogic.management.remote.wlx.ClientProvider$WLXMBeanServerConnectionWrapper.invoke(ClientProvider.java:291)
at oracle.sysman.emai.model.bi.impl.JmxUtil.invokeMethod(JmxUtil.java:184)
at oracle.sysman.emai.model.bi.mbean.AvailabilityAssistant.processComponent(AvailabilityAssistant.java:636)
at oracle.sysman.emai.model.bi.mbean.AvailabilityAssistant.startComponent(AvailabilityAssistant.java:596)
at oracle.sysman.emai.view.bi.AvailabilityView.startComponent(AvailabilityView.java:421)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.sysman.emas.sdk.progress.WorkWrapper.run(WorkWrapper.java:96)
at java.lang.Thread.run(Thread.java:662)
Please guide me on this. Because I am unable to login into Analytics and I think its due to as BI Schedulers are not getting up.
Thank You.
Regards,
MeghanaHi sateesh,
Seems your database listerner and opmnctl is down....first start these in your services pane and then try starting your BI server....but keep in mind close the admin tool if it is open .
This might also help [http://gerardnico.com/wiki/dat/obiee/start_11g]
By,
KK -
How can I add an admin user in Oracle Unified Directory (OUD) 11g r2?
I'm using OUD 11G R2. I just installed OUD with the default setting and setup an instance. I tried to add an admin user with the command:
./ldapmodify -h localhost -p 1389 -D "cn=Directory Manager" -w password --defaultAdd --filename admin.ldif
Here is the content of admin.ldif
dn: cn=oimuser,cn=Root DNs,cn=config
objectClass: inetOrgPerson
objectClass: person
objectClass: top
objectClass: ds-cfg-root-dn-user
objectClass: organizationalPerson
userPassword: Oracle123
cn: oimuser
sn: oimuser
ds-cfg-alternate-bind-dn: cn=oimuser
givenName: OIM User
ds-privilege-name: -config-read
ds-privilege-name: -config-write
ds-privilege-name: -backend-backup
ds-privilege-name: -backend-restore
ds-privilege-name: -data-sync
ds-privilege-name: -disconnect-client
ds-privilege-name: -jmx-notify
ds-privilege-name: -jmx-read
ds-privilege-name: -jmx-write
ds-privilege-name: -ldif-export
ds-privilege-name: -ldif-import
ds-privilege-name: -modify-acl
ds-privilege-name: -privilege-change
ds-privilege-name: -proxied-auth
ds-privilege-name: -server-restart
ds-privilege-name: -server-shutdown
ds-privilege-name: -update-schema
ds-privilege-name: -cancel-request
I got the error as below:
The provided entry cn=oimuser,cn=Root DNs,cn=config cannot be added because its suffix is not registered with the network group network-group
Would you please advise how I can fix that? ThanksI got the reason. cn=config is an administrative suffix.
In general, direct LDAP access to the administrative suffixes (using
the ldap* utilities) is discouraged. In most cases, it is preferable
to use the dedicated administrative command-line utilities to access
these suffixes.
If you must use the ldap* commands to access the administrative
suffixes, you must use the administration connector port (with the
--useSSL or -Z option).
It works when I use the command:
./ldapmodify -h localhost -p 4444 -D "cn=Directory Manager" -w Oracle123 --defaultAdd -Z --filename admin.ldif
You can verify it by:
./ldapsearch -h localhost -p 4444 -D "cn=Directory Manager" -w password --useSSL -b "cn=root DNs,cn=config" "cn=oimuser"
Maybe you are looking for
-
Assign chart of account to a new company code
Dear all, I have created a new company code in system(copy an existing company code data). When I am going to a new chart of account to the new company code, system display an error message as follows: Reset company code data before changing the char
-
How do I get my money back if my daughter bought a game 4 times?
My daughter had bought a game, but she saw that it didn't do it so she tried three more times. The problem was that y card wasn't listed. So when I listed it, it bought it 4 times. I only got my money back for one, I need it back for the other two to
-
SAP ECC 6.0 product is missing in SLD - Can I import it from any file?
Hello All, I am doing IDOC to file scenario in PI7.0 and ECC 6.0. When I am trying to configure Technical system - I am running this problem as my IDOC is coming from ECC 6.0. I have created all RFC and ports. When I am trying to create Technical sys
-
Hello all my mail is now sending and receiving. My issue to solve now is when I look at it through web-mail I get an error "ERROR: Could not complete request. Query: CREATE "INBOX/Sent" Reason Given: Invalid mailbox name". I see no folders just the e
-
How to reconfigure notification email and smtp addresses
Hi all, I want to reconfigure notification email and smtp addresses on single instance db (10.2 and 11.1 versions). How this is done?