Active Directory Rename

Similar Messages

• Active Directory Domain Services crash after Administrator renames object in Active Directory Users and Computers

  Hello.
  We have two domain controllers - node1 (Windows 2008 R2) and node2 (Windows 2012 R2). When administrator connects to node2 and tries to rename some object in AD (for example, user) AD Domain Services crashes and reboot server after 60 seconds.
  In Events I can see these messages:
  Log Name:      Directory Service
  Source:        Microsoft-Windows-ActiveDirectory_DomainService
  Date:          04.03.2014 12:37:58
  Event ID:      1173
  Task Category: Internal Processing
  Level:         Warning
  Keywords:      Classic
  User:          domain\admin
  Computer:      NODE2.domain.example
  Description:
  Internal event: Active Directory Domain Services has encountered the following exception and associated parameters.
  Exception:
  c0000005
  Parameter:
  0
  Additional Data
  Error value:
  7ffc7c38e45d
  Internal ID:
  0
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
      <EventID Qualifiers="32768">1173</EventID>
      <Version>0</Version>
      <Level>3</Level>
      <Task>9</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8080000000000000</Keywords>
      <TimeCreated SystemTime="2014-03-04T06:37:58.116264800Z" />
      <EventRecordID>881</EventRecordID>
      <Correlation />
      <Execution ProcessID="572" ThreadID="2580" />
      <Channel>Directory Service</Channel>
      <Computer>NODE2.domain.example</Computer>
      <Security UserID="S-1-5-21-3794920928-4165619442-305938157-2047" />
    </System>
    <EventData>
      <Data>c0000005</Data>
      <Data>7ffc7c38e45d</Data>
      <Data>0</Data>
      <Data>0</Data>
    </EventData>
  </Event>
  Log Name:      Application
  Source:        Microsoft-Windows-Wininit
  Date:          04.03.2014 12:37:58
  Event ID:      1015
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      NODE2.domain.example
  Description:
  A critical system process, C:\Windows\system32\lsass.exe, failed with status code c0000005.  The machine must now be restarted.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
      <EventID Qualifiers="49152">1015</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>0</Task>
      <Opcode>0</Opcode>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-03-04T06:37:58.000000000Z" />
      <EventRecordID>189578</EventRecordID>
      <Correlation />
      <Execution ProcessID="0" ThreadID="0" />
      <Channel>Application</Channel>
      <Computer>NODE2.domain.example</Computer>
      <Security />
    </System>
    <EventData>
      <Data>C:\Windows\system32\lsass.exe</Data>
      <Data>c0000005</Data>
    </EventData>
  </Event>
  Log Name:      Application
  Source:        Application Error
  Date:          04.03.2014 12:37:58
  Event ID:      1000
  Task Category: (100)
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      NODE2.domain.example
  Description:
  Faulting application name: lsass.exe, version: 6.3.9600.16384, time stamp: 0x5215e25f
  Faulting module name: ntdsai.dll, version: 6.3.9600.16421, time stamp: 0x524fcaed
  Exception code: 0xc0000005
  Fault offset: 0x000000000019e45d
  Faulting process id: 0x23c
  Faulting application start time: 0x01cf3773fe973e1b
  Faulting application path: C:\Windows\system32\lsass.exe
  Faulting module path: C:\Windows\system32\ntdsai.dll
  Report Id: 85cfbe32-a367-11e3-80cc-00155d006724
  Faulting package full name:
  Faulting package-relative application ID:
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Application Error" />
      <EventID Qualifiers="0">1000</EventID>
      <Level>2</Level>
      <Task>100</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-03-04T06:37:58.000000000Z" />
      <EventRecordID>189576</EventRecordID>
      <Channel>Application</Channel>
      <Computer>NODE2.domain.example</Computer>
      <Security />
    </System>
    <EventData>
      <Data>lsass.exe</Data>
      <Data>6.3.9600.16384</Data>
      <Data>5215e25f</Data>
      <Data>ntdsai.dll</Data>
      <Data>6.3.9600.16421</Data>
      <Data>524fcaed</Data>
      <Data>c0000005</Data>
      <Data>000000000019e45d</Data>
      <Data>23c</Data>
      <Data>01cf3773fe973e1b</Data>
      <Data>C:\Windows\system32\lsass.exe</Data>
      <Data>C:\Windows\system32\ntdsai.dll</Data>
      <Data>85cfbe32-a367-11e3-80cc-00155d006724</Data>
      <Data>
      </Data>
      <Data>
      </Data>
    </EventData>
  </Event>
  In node2 we installed all available updates and hotfixes.

   Hi Azamat Hackimov,
  Regarding to error messages, it seems that the
  ntdsai.dll file caused the issue. Based on current situation, please use
  sfc /scannow command to scan protected system files and check if find error and repair. Meanwhile, you can also navigate to the location of this DLL file and confirm details.
  In addition, Windows Server 2012 R2 has reboot unexpectedly. Please check if you get some dump file and then analysis it. It may help us to find the root reason. Please refer
  to the following KB.
  How to read the small dump memory dump file that is created by Windows if a crash occurs.
  http://support.microsoft.com/kb/315263/en-us
  By the way, it is not effective for us to debug the crash dump file here in the forum. If this issues is a state of emergency for you. Please contact Microsoft Customer Service
  and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
  To obtain the phone numbers for specific technology request, please refer to the web site listed below:
  http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
  Hope this helps.
  Best regards,
  Justin Gu

• Turn "Delete Resource Account" for Active Directory into rename/move/unlink

  My Windows sysad would like me to stop deleting Active Directory users; he's tired of cleaning up from dangling SIDs, and I don't particularly blame him. Instead, he would like the process of "deleting" an AD account to be more like:
  1. disable
  2. rename from cn=user to cn=user_999, where 999 is replaced with an incrementing number (jsmith_001, jsmith_002, etc.). (Or maybe he;d be Ok with jsmith_yyyymmddhhmmss...)
  3. move (probably in the same "rename" above) from ou=Employees to ou=4Delete.
  4. unlink account from user.
  We are assigning AD accounts through roles, and so the Delete Resource User (or Delete Resource Person?) task is invoked. Does anyone have a customized version of this task that differentiates between resource account types and handles the "disable/rename/move/unlink" AD account paradigm my sysad would like? -Les

  Hi,
  did you ever resolve this? If so, how did you work it out as we would like to do the same.
  Thanks.

• Documentation on Active Directory Domain Rename for VMware

  Aplogies if my questions are elementary. Just getting started with VMware.
  We are looking to update our virtualized Active Directory domain name. I have the documentation for that, but want to make sure I have the list of articles needed to make sure the VMware is properly updated as well.
  I found the following documents:
  configure host to use active directory:
  https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-63D22519-38CC-4A9F-AE85-97A53CB0948A.html
  setting DNS configuration vmware
  http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vcli.examples.doc%2Fcli_manage_networks.11.8.html
  Is there anything else?
  Which do I update first? The VMware info or the Active Directory.

  Hi David,
  Based on my experience, you’d better pay attention to the following  two points:
  1. After you have completed the installation of Exchange 2010, you have to create an Accepted Domain of “uvwxyz.org”.
  2. If you want to use Autodiscover, you need to configure the additional settings for “uvwxyz.org”. You could refer to the article below:
  http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/exchange-autodiscover.html
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
  or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  If you have any further questions, please do not hesitate to post back.
  Best regards,
  Eric

• Active Directory - Authentication Problem

  Hi Guys,
  I'm seeing something really weird in my Environment.
  For example, we have two users as example below in our Active Directory:
  jonesp - Paul Jones
  jonesph - Phillip Jones
  These users can't login into any Mac connected in Active Directory, on PCs the login goes fine.
  But when I renamed the login jonesp to jonespa, both users can login in the Macs.
  Anyone have this issue too? There is a KB telling about this behavior?
  This happens on Macs running 10.7.* and 10.8.*.
  Thanks

  Sorry CT,
  The problem isn't with Active Directory, this only happens on Macs.
  The problem doesn't happens with Windows and Linux, only on Macs.
  Anyway thanks for your help.
  Regards

• How do I create Local Network Home Folders for Users from an Active Directory binding?

  My situation is this... I run an iMac lab at my school.  I have a server set up to manage the network user accounts in the lab.  Currently, I can sucessfully create Local Network Users and log in to them from any of the iMacs.  My school has an Active Directory set up for all the students on campus.  What I'd like to be able to do is configure the server to allow the students to use their user names and passwords from their school accounts to log in to the iMacs and have it automatically build a network user folder on the server for them to use during the lab. 
  So far, I have been able to configure access for the Active Directory accounts to use the services on the server, mainly File Sharing, but I cannot figure out how to allow them to log into a user account on the client's machines using their same Active Directory credentials.  I have even attempted to allow the user accounts to create mobile accounts, but that's not working out either.  Entering indivual network user accounts into the server for every student every semester will be a nightmare.  I'm sure there's a way to do it automatically using the exisitng Active Directory structure.
  The live server is running 10.8.5 Server still, but I've also got a clone running OS X Server in case it matters.  Please help!

  ok reinstalled everything dns seems to be working have done sudo changeip -checkhostname and it says that both names match but then i started open directory and can't seem to get Kerberos started, i've tried changing it to stand alone then back again but it does nothing. I'm wondering why this would happen? i've tried adding a kerberos record but it doesn't do it just does nothing so i don't know what i'm doing wrong. I wondered if it might be a problem with the two network cards and dns as on ethernet one it is getting the dns name xserve.xxxx.ac.uk (which matches what the college server wants to call us) but on ethernet 2 gets xserve-2.local because it tells me that it already exists on ethernet one and renames it to this. I need to set up NAT so have ethernet coming in on port one and out again on port two. I wonder if my dns is backwards as its got the 192. address the NAT uses but its linked to the ethernet port one dns maybe this is the problem. would this cause open directory not to start kerberos?

• Convert Open Directory mobile accounts to Active Directory mobile accounts

  We have 200 or so Macs using OD mobile accounts.
  Implementing Active Directory, getting rid of Open Directory.
  How do I change the mobile accounts from OD accounts to AD accounts so that it authenticates against the AD Domain Controller and thus change compter login password when it's changed in AD?
  I can convert accounts this way:
  a.    Delete users’ user account in User preferences pane of System Preferences, but choose to not change the home directory.
  b.    Log into users’ account by choosing the other option, thus creating a mobile account.
  c.    Log out, log into admin account, delete the newly created home directory, rename the home directory from the deleted users account to match the name of the deleted home directory and do a chown –R on the directory for that user.
  Obviously doing above 200x times is tedious and I'd like to avoid this if possible!
  Any other ideas?  Preferably a script I can deploy to all computers?

  I am also testing Leopard in my Active Directory domain and here is what I have found so far. The wireless networks in Leopard seem to be a combination of Panther and Tiger. Each 'Location' that you set has its own list of preferred networks. I have one location for when I am locally on the domain network and others for my bench network and all others under 'Automatic'. The one problem with what you are talking about is that if people change locations and forget to change it back before they log in, it will not find the network, however, adding the other networks all in one location is fine as long as the AD network is on top. You also have to wait about 20 - 30 seconds after you reach the login prompt before proceeding or it will log in without being connected and the AD resources will not be available. I am also finding that Panther knew when it was not on the AD network and did not give any errors, however Leopard squawks when I log in on a different network.
  Cheers,
  Rob

• Active Directory Not Syncing Correctly in ES2

  Hello,
  We had our Active Directory 2003 synced up using Adobe Livecycle ES.  There would be around 30,000 users that would be synced and this would take around 3 - 4 1/2 minutes to run.  This worked perfectly for us for the past half of a year or so.
  Last week we upgraded to ES2 and moved all of our processes over.  We removed ES and did a fresh install of ES2.  Everything seems to be working fine now except the Active Directory isn't syncing properly.  When we run the sync, different numbers of users will be fetched.  Sometimes it's around three thousand, sometimes seven thousand, sometimes ten thousand, but it never seems to get through them all.  In the server log it does say that the directory synchronization completed successfully though even though the number fetched is changing.  We made sure the settings are exactly the same as they were before, and we even tried a few different settings, but it still doesn't get all the users.  For testing purposes, we tried changing the search filter to pick specific people that aren't showing up during the normal sync and it will show up fine, so I'm wondering if there is something stopping it from going all the way through?
  We also have another enterprise domain connected which has around 2,000 users on it and have not had this problem with it.
  Here are some of the sync statistics from the past few syncs: (The active directory name has been stripped for security purposes).  If you need any more information please feel free to ask.  We would like to have this resolved as soon as possible.
  2010-05-30 21:02:51,366 INFO  [com.adobe.idp.um.businesslogic.synch.DomainSynchronizer]
  ========== Synch Statistics for ============
  Total User Fetched - 5633
  Total Group Fetched - 0
  Total Members Fetched - 0
  Total time taken is 110 sec
  [100.00%] [100.00%]Domain Synchronizer(2 runs) : Total 110,375 ms, Max 110359 ms, Min 16 ms, Avg 55187 ms
  --[99.99%] [99.99%]User and group phase(1 runs) : Total 110,359 ms, Max 110359 ms, Min 110359 ms, Avg 110359 ms
  ----[95.78%] [95.80%]Users synch from (6 runs) : Total 105,719 ms, Max 19141 ms, Min 14281 ms, Avg 17619 ms
  ------[1.18%] [1.23%]Provider (31 runs) : Total 1,298 ms, Max 109 ms, Min 31 ms, Avg 41 ms
  --[0.01%] [0.01%]Memberhsip phase(1 runs) : Total 16 ms, Max 16 ms, Min 16 ms, Avg 16 ms
  -------Persistence Statistics-------
  Users ->
  added = 8
  removed = 2568
  updated = 5625
  unchanged = 0
  renamed = 0
  failed = 0
  UniqueId changed = 0
  Groups ->
  added = 0
  removed = 0
  updated = 0
  unchanged = 0
  failed = 0
  UniqueId changed = 0
  Emails ->
  added = 8515
  removed = 106
  unchanged (In changed Principals) = 16784
  Group Members ->
  added = 0
  removed = 0
  unchanged = 0
  unknown = 0
  failed = 0
  -------Batch Statistics-------
  Successful User Batches = 113
  Failed User Batches = 0
  Successful Group Batches = 0
  Failed Group Batches = 0
  Successful Member Batches = 0
  Failed Member Batches = 0
  ======================================
  2010-06-02 21:03:43,692 INFO  [com.adobe.idp.um.businesslogic.synch.DomainSynchronizer]
  ========== Synch Statistics for ============
  Total User Fetched - 7140
  Total Group Fetched - 0
  Total Members Fetched - 0
  Total time taken is 165 sec
  [100.00%] [100.00%]Domain Synchronizer(2 runs) : Total 164,781 ms, Max 164750 ms, Min 31 ms, Avg 82390 ms
  --[99.98%] [99.98%]User and group phase(1 runs) : Total 164,750 ms, Max 164750 ms, Min 164750 ms, Avg 164750 ms
  ----[96.78%] [96.79%]Users synch from (8 runs) : Total 159,469 ms, Max 26719 ms, Min 3500 ms, Avg 19933 ms
  ------[1.01%] [1.05%]Provider (42 runs) : Total 1,667 ms, Max 109 ms, Min 15 ms, Avg 39 ms
  --[0.02%] [0.02%]Memberhsip phase(1 runs) : Total 31 ms, Max 31 ms, Min 31 ms, Avg 31 ms
  -------Persistence Statistics-------
  Users ->
  added = 8
  removed = 5
  updated = 7132
  unchanged = 0
  renamed = 1
  failed = 0
  UniqueId changed = 0
  Groups ->
  added = 0
  removed = 0
  updated = 0
  unchanged = 0
  failed = 0
  UniqueId changed = 0
  Emails ->
  added = 3340
  removed = 105
  unchanged (In changed Principals) = 33761
  Group Members ->
  added = 0
  removed = 0
  unchanged = 0
  unknown = 0
  failed = 0
  -------Batch Statistics-------
  Successful User Batches = 142
  Failed User Batches = 1
  Successful Group Batches = 0
  Failed Group Batches = 0
  Successful Member Batches = 0
  Failed Member Batches = 0
  ======================================
  2010-06-03 08:56:43,286 INFO  [com.adobe.idp.um.businesslogic.synch.DomainSynchronizer]
  ========== Synch Statistics for ============
  Total User Fetched - 2960
  Total Group Fetched - 0
  Total Members Fetched - 0
  Total time taken is 68 sec
  [100.00%] [100.00%]Domain Synchronizer(2 runs) : Total 67,984 ms, Max 67921 ms, Min 63 ms, Avg 33992 ms
  --[99.91%] [99.91%]User and group phase(1 runs) : Total 67,921 ms, Max 67921 ms, Min 67921 ms, Avg 67921 ms
  ----[96.37%] [96.46%]Users synch from (3 runs) : Total 65,516 ms, Max 23016 ms, Min 19766 ms, Avg 21838 ms
  ------[4.00%] [4.15%]Provider (17 runs) : Total 2,719 ms, Max 844 ms, Min 31 ms, Avg 159 ms
  --[0.09%] [0.09%]Memberhsip phase(1 runs) : Total 63 ms, Max 63 ms, Min 63 ms, Avg 63 ms
  -------Persistence Statistics-------
  Users ->
  added = 2
  removed = 6632
  updated = 2958
  unchanged = 0
  renamed = 0
  failed = 0
  UniqueId changed = 0
  Groups ->
  added = 0
  removed = 0
  updated = 0
  unchanged = 0
  failed = 0
  UniqueId changed = 0
  Emails ->
  added = 3
  removed = 1
  unchanged (In changed Principals) = 10035
  Group Members ->
  added = 0
  removed = 0
  unchanged = 0
  unknown = 0
  failed = 0
  -------Batch Statistics-------
  Successful User Batches = 60
  Failed User Batches = 0
  Successful Group Batches = 0
  Failed Group Batches = 0
  Successful Member Batches = 0
  Failed Member Batches = 0
  ======================================

  We do have quite a few that are missing an attribute, specifically:
  2010-06-06 21:05:47,579 WARN  [com.adobe.idp.um.businesslogic.synch.LdapHelper] Record [xxxx] is missing required attribute [objectSID] for canonicalName i.e uniqueIdentifier field
  This is something that was on our old system as well:
  2010-05-25 03:02:35,559 INFO  [com.adobe.idp.um.provider.directoryservices.LDAPDirectoryPrincipalProviderImpl] UserM:: [Thread Hashcode: 3010887] This record is missing a required attribute and cannot be used. Specifically CanonicalName is null. Common Name: xxxx
  We have many users in our active directory with just email accounts so that users are able to search for a name and find the email address in outlook.  I have checked through these and they look fine (though there are fewer entries in ES2 since there are fewer users being fetched).
  As for the locked users, here is what we received:
  2010-06-06 21:05:47,579 INFO  [com.adobe.idp.um.businesslogic.synch.LdapPrincipalProvider] Found [1257] locked users while synching. These users were ignored
  This sounds about right for the amount of users that were fetched. 
  If you have any more questions or ideas, please let us know.  We would like to have this resolved as soon as possible.  Thanks.

• Active Directory: user has admin rights when logs in for the first time

  I have an Xserve server running OS X server 10.5.8 and trying to host _open and active directory_ for both Mac and PC machines. The open directory works fine but what happens on the active directory side is that, when a user logs in from a windows machine he/she can access all the other users folders. In other words, he/she almost has *admin rights*. Is this normal or there is some settings that I can look into to fix this?
  Details: The first time user logs in, his only effect on the server is the password change. What this means is that his changes dont get uploaded to the server. It is only the second time the user logs in from ANOTHER computer that the server starts saving the his profile. Also, after the second login the user doesnt have admin rights anymore.
  Thanks,
  MR

  If you've just changed your login password in Recovery mode, follow these instructions. Otherwise, see below.
  At some point, you may have reset your keychain to default in Keychain Access. That action would have caused your login keychain to be renamed.
  Back up all data before proceeding.
  In Keychain Access, delete the login keychain from the keychain list. Choose Delete References when prompted, not Delete References & Files.
  Triple-click anywhere in the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
  ~/Library/Keychains
  In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar, paste into the box that opens (command-V), and press return. A folder will open. Rename the file "login.keychain" in that folder to something like "login-old.keychain". Rename the file "login_renamed_1.keychain" to "login.keychain". You can then close the folder.
  Back in Keychain Access, select 
            File ▹ Add Keychain...
  from the menu bar. Add back the file now named "login.keychain". If any of your needed keychain items are missing from it, also add back the file you named "login-old.keychain". I suggest you transfer any needed items from that keychain to the login keychain, then delete it. The transfers are made by drag-and-drop in Keychain Access. You'll need to enter your password for each item transferred.

• Can't connect to Small Business Server 2003 via Active Directory

  I have done lots of searching, both in these forums and the wider internet, and cannot find a solution to my specific problem.
  I am trying to connect my G5 (10.3.9) to a Windows network. We have a Microsoft Small Business Server 2003 with Active Directory. The PCs have no problem using this, and I can connect to shares setup on the server via AFP.
  But I am having problems when I try to configure the AD plug-in in Directory Access on the Mac. When I click 'Bind', I enter the Server's Administrator username & password and when I click 'OK', it gets to Step 3 of 5 "Verifying Credentials". It ticks away at this step for about 30 seconds, then comes up with error message saying "Invalid user name and password combination."
  I have tried other users with admin privileges, but they don't work either. I know the usernames and passwords aren't invalid, because I created them. I have tried fiddling around with other settings in the AD setup, but nothing gets any further.
  Without any other 3rd party software (that's my final option), is there something I need to check/change, either on the Mac or the server, to make this Mac to authenticate via AD? Please help!

  Hi Andbrowny, thanks for your response.
  Your advice didn't really help my Active Directory problem (AD doesn't require SMB does it?), but it gave me some progress on my SMB problem. I can connect via AFP, but previously when I tried to connect via SMB, it kept coming up with the error "Could not connect to the server because the name or password is not correct".
  Now, after changing the policies on the server, I get an error -43 message saying "The operation could not be completed because one or more required items cannot be found."
  So now I have two problems! SMB is not finding something it needs, and Active Directory is not "verifying credentials".
  Actually, I have three problems: When I am connected via AFP, filenames over 31 characters long are truncated on the server, and I can't copy long filenames onto the server without renaming them. I have read that SMB would fix this to a degree (256 characters for the complete file path), but is there anything (a protocol or software) that allows long filenames to be read/written with ease?
  Side note: The server is not 100% configured, the bloke installing it still has some work to do, but Active Directory works for all the XP machines, and I can connect to each XP workstation with SMB.

• OracleServiceXE Won't Start After Active Directory Install

  Hello Folks,
  Newbie to Oracle but proficient in general I.T. stuff. Client contacted us stating Active Directory role installed on Server 2008 box running as a virtual machine. After which client could no longer remotely access server and subsequently removed Active Directory. Since then, OracleServiceXE will not start and no response on the homepage of Oracle at http://127.0.0.1:8080/apex/f?p=4950.
  I see many other posts here of troubleshooting that led to reinstall of software. We're OK with that. However, I would like to verify that the customer's database will be able to be reattached after the reinstall? If so, what is that process please?
  We're open to troubleshooting as well if there's a relatively easy fix but otherwise open to reinstall.
  We're open to paid support if necessary as client has been down for a few days now.
  Please help!
  Thanks,
  Jon

  clcarter,
  Thank you. I copied the entire database directory to the desktop. Should be good to go there.
  Now, how would one shut down the database, go to a startup mount and alter the database open reset logs?
  Alert log (beginning and end) follows:
  Thu Aug 16 16:01:10 2012
  Starting ORACLE instance (normal)
  LICENSE_MAX_SESSION = 0
  LICENSE_SESSIONS_WARNING = 0
  Shared memory segment for instance monitoring created
  Picked latch-free SCN scheme 2
  Using LOG_ARCHIVE_DEST_1 parameter default value as USE_DB_RECOVERY_FILE_DEST
  Autotune of undo retention is turned on.
  IMODE=BR
  ILAT =18
  LICENSE_MAX_USERS = 0
  SYS auditing is disabled
  Starting up:
  Oracle Database 11g Express Edition Release 11.2.0.2.0 - Production.
  Using parameter settings in client-side pfile C:\ORACLEXE\APP\ORACLE\PRODUCT\11.2.0\SERVER\CONFIG\SCRIPTS\INIT.ORA on machine DISMART
  System parameters with non-default values:
  sessions = 172
  memory_target = 1G
  control_files = "C:\ORACLEXE\APP\ORACLE\ORADATA\XE\CONTROL.DBF"
  compatible = "11.2.0.0.0"
  db_recovery_file_dest = "C:\oraclexe\app\oracle\fast_recovery_area"
  db_recovery_file_dest_size= 10G
  undo_management = "AUTO"
  undo_tablespace = "UNDOTBS1"
  remote_login_passwordfile= "EXCLUSIVE"
  dispatchers = "(PROTOCOL=TCP) (SERVICE=XEXDB)"
  shared_servers = 4
  job_queue_processes = 4
  audit_file_dest = "C:\ORACLEXE\APP\ORACLE\ADMIN\XE\ADUMP"
  db_name = "XE"
  open_cursors = 300
  diagnostic_dest = "C:\ORACLEXE\APP\ORACLE"
  Thu Aug 16 16:01:22 2012
  PMON started with pid=2, OS id=2412
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified !
  Thu Aug 16 16:01:22 2012
  PSP0 started with pid=3, OS id=3060
  Thu Aug 16 16:01:22 2012
  VKTM started with pid=4, OS id=1128 at elevated priority
  VKTM running at (10)millisec precision with DBRM quantum (100)ms
  Thu Aug 16 16:01:22 2012
  GEN0 started with pid=5, OS id=5772
  Thu Aug 16 16:01:22 2012
  DIAG started with pid=6, OS id=5972
  Thu Aug 16 16:01:22 2012
  DBRM started with pid=7, OS id=5832
  Thu Aug 16 16:01:22 2012
  DIA0 started with pid=8, OS id=5812
  Thu Aug 16 16:01:22 2012
  MMAN started with pid=9, OS id=5200
  Thu Aug 16 16:01:22 2012
  DBW0 started with pid=10, OS id=2036
  Thu Aug 16 16:01:22 2012
  LGWR started with pid=11, OS id=4284
  Thu Aug 16 16:01:22 2012
  CKPT started with pid=12, OS id=5168
  Thu Aug 16 16:01:22 2012
  SMON started with pid=13, OS id=6020
  Thu Aug 16 16:01:22 2012
  RECO started with pid=14, OS id=5940
  Thu Aug 16 16:01:22 2012
  MMON started with pid=15, OS id=480
  Thu Aug 16 16:01:22 2012
  MMNL started with pid=16, OS id=5320
  Thu Aug 16 16:01:22 2012
  starting up 1 dispatcher(s) for network address '(ADDRESS=(PARTIAL=YES)(PROTOCOL=TCP))'...
  starting up 4 shared server(s) ...
  ORACLE_BASE from environment = C:\oraclexe\app\oracle
  Thu Aug 16 16:01:22 2012
  kcbztek_populate_tbskey: db key in controlfile and datafile 1 is inconsistent..
  Full restore complete of datafile 3 to datafile copy C:\ORACLEXE\APP\ORACLE\ORADATA\XE\SYSAUX.DBF. Elapsed time: 0:00:02
  checkpoint is 354593
  Full restore complete of datafile 4 to datafile copy C:\ORACLEXE\APP\ORACLE\ORADATA\XE\USERS.DBF. Elapsed time: 0:00:09
  checkpoint is 354593
  Thu Aug 16 16:01:53 2012
  Full restore complete of datafile 1 to datafile copy C:\ORACLEXE\APP\ORACLE\ORADATA\XE\SYSTEM.DBF. Elapsed time: 0:00:31
  checkpoint is 354593
  Thu Aug 16 16:02:09 2012
  Full restore complete of datafile 2 to datafile copy C:\ORACLEXE\APP\ORACLE\ORADATA\XE\UNDOTBS1.DBF. Elapsed time: 0:00:47
  checkpoint is 354593
  Thu Aug 16 16:02:09 2012
  Create controlfile reuse set database "XE"
  MAXINSTANCES 8
  MAXLOGHISTORY 1
  MAXLOGFILES 16
  MAXLOGMEMBERS 3
  MAXDATAFILES 100
  Datafile
  'C:\oraclexe\app\oracle\oradata\XE\system.dbf',
  'C:\oraclexe\app\oracle\oradata\XE\undotbs1.dbf',
  'C:\oraclexe\app\oracle\oradata\XE\sysaux.dbf',
  'C:\oraclexe\app\oracle\oradata\XE\users.dbf'
  LOGFILE
  GROUP 1 SIZE 51200K,
  GROUP 2 SIZE 51200K,
  RESETLOGS
  WARNING: Default Temporary Tablespace not specified in CREATE DATABASE command
  Default Temporary Tablespace will be necessary for a locally managed database in future release
  Thu Aug 16 16:02:10 2012
  Successful mount of redo thread 1, with mount id 2672646209
  Completed: Create controlfile reuse set database "XE"
  MAXINSTANCES 8
  MAXLOGHISTORY 1
  MAXLOGFILES 16
  MAXLOGMEMBERS 3
  MAXDATAFILES 100
  Datafile
  'C:\oraclexe\app\oracle\oradata\XE\system.dbf',
  'C:\oraclexe\app\oracle\oradata\XE\undotbs1.dbf',
  'C:\oraclexe\app\oracle\oradata\XE\sysaux.dbf',
  'C:\oraclexe\app\oracle\oradata\XE\users.dbf'
  LOGFILE
  GROUP 1 SIZE 51200K,
  GROUP 2 SIZE 51200K,
  RESETLOGS
  Shutting down instance (immediate)
  Shutting down instance: further logons disabled
  Stopping background process MMNL
  Stopping background process MMON
  License high water mark = 1
  All dispatchers and shared servers shutdown
  ALTER DATABASE CLOSE NORMAL
  ORA-1109 signalled during: ALTER DATABASE CLOSE NORMAL...
  ALTER DATABASE DISMOUNT
  Completed: ALTER DATABASE DISMOUNT
  ARCH: Archival disabled due to shutdown: 1089
  Shutting down archive processes
  Archiving is disabled
  ARCH: Archival disabled due to shutdown: 1089
  Shutting down archive processes
  Archiving is disabled
  Thu Aug 16 16:02:14 2012
  Stopping background process VKTM
  Thu Aug 16 16:02:16 2012
  Instance shutdown complete
  Thu Aug 16 16:02:18 2012
  Starting ORACLE instance (normal)
  LICENSE_MAX_SESSION = 0
  LICENSE_SESSIONS_WARNING = 0
  Picked latch-free SCN scheme 2
  Using LOG_ARCHIVE_DEST_1 parameter default value as USE_DB_RECOVERY_FILE_DEST
  Autotune of undo retention is turned on.
  IMODE=BR
  ILAT =18
  LICENSE_MAX_USERS = 0
  SYS auditing is disabled
  Starting up:
  Oracle Database 11g Express Edition Release 11.2.0.2.0 - Production.
  Using parameter settings in client-side pfile C:\ORACLEXE\APP\ORACLE\PRODUCT\11.2.0\SERVER\CONFIG\SCRIPTS\INITXETEMP.ORA on machine DISMART
  System parameters with non-default values:
  sessions = 172
  memory_target = 1G
  control_files = "C:\ORACLEXE\APP\ORACLE\ORADATA\XE\CONTROL.DBF"
  compatible = "11.2.0.0.0"
  db_recovery_file_dest = "C:\oraclexe\app\oracle\fast_recovery_area"
  db_recovery_file_dest_size= 10G
  undo_management = "AUTO"
  undo_tablespace = "UNDOTBS1"
  remote_login_passwordfile= "EXCLUSIVE"
  dispatchers = "(PROTOCOL=TCP) (SERVICE=XEXDB)"
  shared_servers = 4
  audit_file_dest = "C:\ORACLEXE\APP\ORACLE\ADMIN\XE\ADUMP"
  db_name = "XE"
  open_cursors = 300
  diagnostic_dest = "C:\ORACLEXE\APP\ORACLE"
  Thu Aug 16 16:02:26 2012
  PMON started with pid=2, OS id=5128
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified !
  Thu Aug 16 16:02:26 2012
  PSP0 started with pid=3, OS id=5388
  Thu Aug 16 16:02:26 2012
  VKTM started with pid=4, OS id=4004 at elevated priority
  VKTM running at (10)millisec precision with DBRM quantum (100)ms
  Thu Aug 16 16:02:26 2012
  GEN0 started with pid=5, OS id=4976
  Thu Aug 16 16:02:26 2012
  DIAG started with pid=6, OS id=5860
  Thu Aug 16 16:02:26 2012
  DBRM started with pid=7, OS id=5532
  Thu Aug 16 16:02:26 2012
  DIA0 started with pid=8, OS id=2820
  Thu Aug 16 16:02:26 2012
  MMAN started with pid=9, OS id=5088
  Thu Aug 16 16:02:26 2012
  DBW0 started with pid=10, OS id=4236
  Thu Aug 16 16:02:26 2012
  LGWR started with pid=11, OS id=4240
  Thu Aug 16 16:02:26 2012
  CKPT started with pid=12, OS id=4244
  Thu Aug 16 16:02:26 2012
  SMON started with pid=13, OS id=5432
  Thu Aug 16 16:02:26 2012
  RECO started with pid=14, OS id=5076
  Thu Aug 16 16:02:26 2012
  MMON started with pid=15, OS id=5124
  Thu Aug 16 16:02:26 2012
  MMNL started with pid=16, OS id=5924
  starting up 1 dispatcher(s) for network address '(ADDRESS=(PARTIAL=YES)(PROTOCOL=TCP))'...
  starting up 4 shared server(s) ...
  ORACLE_BASE from environment = C:\oraclexe\app\oracle
  Thu Aug 16 16:02:26 2012
  Create controlfile reuse set database "XE"
  MAXINSTANCES 8
  MAXLOGHISTORY 1
  MAXLOGFILES 16
  MAXLOGMEMBERS 3
  MAXDATAFILES 100
  Datafile
  'C:\oraclexe\app\oracle\oradata\XE\system.dbf',
  'C:\oraclexe\app\oracle\oradata\XE\undotbs1.dbf',
  'C:\oraclexe\app\oracle\oradata\XE\sysaux.dbf',
  'C:\oraclexe\app\oracle\oradata\XE\users.dbf'
  LOGFILE
  GROUP 1 SIZE 51200K,
  GROUP 2 SIZE 51200K,
  RESETLOGS
  WARNING: Default Temporary Tablespace not specified in CREATE DATABASE command
  Default Temporary Tablespace will be necessary for a locally managed database in future release
  Successful mount of redo thread 1, with mount id 2672635474
  Completed: Create controlfile reuse set database "XE"
  MAXINSTANCES 8
  MAXLOGHISTORY 1
  MAXLOGFILES 16
  MAXLOGMEMBERS 3
  MAXDATAFILES 100
  Datafile
  'C:\oraclexe\app\oracle\oradata\XE\system.dbf',
  'C:\oraclexe\app\oracle\oradata\XE\undotbs1.dbf',
  'C:\oraclexe\app\oracle\oradata\XE\sysaux.dbf',
  'C:\oraclexe\app\oracle\oradata\XE\users.dbf'
  LOGFILE
  GROUP 1 SIZE 51200K,
  GROUP 2 SIZE 51200K,
  RESETLOGS
  Stopping background process MMNL
  Stopping background process MMON
  Starting background process MMON
  Thu Aug 16 16:02:29 2012
  MMON started with pid=15, OS id=5732
  Starting background process MMNL
  Thu Aug 16 16:02:29 2012
  MMNL started with pid=16, OS id=5704
  ALTER SYSTEM enable restricted session;
  alter database "XE" open resetlogs
  RESETLOGS after incomplete recovery UNTIL CHANGE 354593
  Errors in file C:\ORACLEXE\APP\ORACLE\diag\rdbms\xe\xe\trace\xe_ora_5312.trc:
  ORA-00313: open failed for members of log group 1 of thread 1
  Clearing online redo logfile 1 C:\ORACLEXE\APP\ORACLE\FAST_RECOVERY_AREA\XE\ONLINELOG\O1_MF_1_%U_.LOG
  Clearing online log 1 of thread 1 sequence number 0
  Errors in file C:\ORACLEXE\APP\ORACLE\diag\rdbms\xe\xe\trace\xe_ora_5312.trc:
  ORA-00313: open failed for members of log group 1 of thread 1
  Errors in file C:\ORACLEXE\APP\ORACLE\diag\rdbms\xe\xe\trace\xe_ora_5312.trc:
  ORA-00313: open failed for members of log group 1 of thread 1
  Clearing online redo logfile 1 complete
  Thu Aug 16 16:02:32 2012
  Checker run found 1 new persistent data failures
  Errors in file C:\ORACLEXE\APP\ORACLE\diag\rdbms\xe\xe\trace\xe_ora_5312.trc:
  ORA-00313: open failed for members of log group 2 of thread 1
  Clearing online redo logfile 2 C:\ORACLEXE\APP\ORACLE\FAST_RECOVERY_AREA\XE\ONLINELOG\O1_MF_2_%U_.LOG
  Clearing online log 2 of thread 1 sequence number 0
  Errors in file C:\ORACLEXE\APP\ORACLE\diag\rdbms\xe\xe\trace\xe_ora_5312.trc:
  ORA-00313: open failed for members of log group 2 of thread 1
  Errors in file C:\ORACLEXE\APP\ORACLE\diag\rdbms\xe\xe\trace\xe_ora_5312.trc:
  ORA-00313: open failed for members of log group 2 of thread 1
  Thu Aug 16 16:02:32 2012
  Errors in file C:\ORACLEXE\APP\ORACLE\diag\rdbms\xe\xe\trace\xe_m000_1808.trc:
  ORA-01155: the database is being opened, closed, mounted or dismounted
  Clearing online redo logfile 2 complete
  Errors in file C:\ORACLEXE\APP\ORACLE\diag\rdbms\xe\xe\trace\xe_ora_5312.trc:
  ORA-00313: open failed for members of log group 3 of thread 1
  Clearing online redo logfile 3 C:\ORACLEXE\APP\ORACLE\FAST_RECOVERY_AREA\XE\ONLINELOG\O1_MF_0_%U_.LOG
  Clearing online log 3 of thread 1 sequence number 0
  Errors in file C:\ORACLEXE\APP\ORACLE\diag\rdbms\xe\xe\trace\xe_ora_5312.trc:
  ORA-00313: open failed for members of log group 3 of thread 1
  Errors in file C:\ORACLEXE\APP\ORACLE\diag\rdbms\xe\xe\trace\xe_ora_5312.trc:
  ORA-00313: open failed for members of log group 3 of thread 1
  Clearing online redo logfile 3 complete
  Online log C:\ORACLEXE\APP\ORACLE\FAST_RECOVERY_AREA\XE\ONLINELOG\O1_MF_1_82TNGPV9_.LOG: Thread 1 Group 1 was previously cleared
  Online log C:\ORACLEXE\APP\ORACLE\FAST_RECOVERY_AREA\XE\ONLINELOG\O1_MF_2_82TNGRDB_.LOG: Thread 1 Group 2 was previously cleared
  Online log C:\ORACLEXE\APP\ORACLE\FAST_RECOVERY_AREA\XE\ONLINELOG\O1_MF_3_82TNGSP9_.LOG: Thread 1 Group 3 was previously cleared
  Setting recovery target incarnation to 2
  Thu Aug 16 16:02:37 2012
  Assigning activation ID 2672635474 (0x9f4d2e52)
  Thread 1 opened at log sequence 1
  Current log# 1 seq# 1 mem# 0: C:\ORACLEXE\APP\ORACLE\FAST_RECOVERY_AREA\XE\ONLINELOG\O1_MF_1_82TNGPV9_.LOG
  Successful open of redo thread 1
  Thu Aug 16 16:02:37 2012
  SMON: enabling cache recovery
  Thu Aug 16 16:02:41 2012
  [5312] Successfully onlined Undo Tablespace 2.
  Undo initialization finished serial:0 start:2306864 end:2307738 diff:874 (8 seconds)
  Dictionary check beginning
  Tablespace 'TEMP' #3 found in data dictionary,
  but not in the controlfile. Adding to controlfile.
  Dictionary check complete
  Verifying file header compatibility for 11g tablespace encryption..
  Verifying 11g file header compatibility for tablespace encryption completed
  SMON: enabling tx recovery
  WARNING: The following temporary tablespaces contain no files.
  This condition can occur when a backup controlfile has
  been restored. It may be necessary to add files to these
  tablespaces. That can be done using the SQL statement:
  ALTER TABLESPACE <tablespace_name> ADD TEMPFILE
  Alternatively, if these temporary tablespaces are no longer
  needed, then they can be dropped.
  Empty temporary tablespace: TEMP
  Updating character set in controlfile to AL32UTF8
  Create Relation IPS_PACKAGE_UNPACK_HISTORY
  Opening with Resource Manager plan: INTERNAL_PLAN_XE
  Thu Aug 16 16:02:44 2012
  Starting background process VKRM
  Thu Aug 16 16:02:44 2012
  VKRM started with pid=23, OS id=2684
  WARNING: Files may exists in db_recovery_file_dest
  that are not known to the database. Use the RMAN command
  CATALOG RECOVERY AREA to re-catalog any such files.
  If files cannot be cataloged, then manually delete them
  using OS command.
  One of the following events caused this:
  1. A backup controlfile was restored.
  2. A standby controlfile was restored.
  3. The controlfile was re-created.
  4. db_recovery_file_dest had previously been enabled and
  then disabled.
  replication_dependency_tracking turned off (no async multimaster replication found)
  Starting background process QMNC
  Thu Aug 16 16:02:47 2012
  QMNC started with pid=24, OS id=3676
  LOGSTDBY: Validating controlfile with logical metadata
  LOGSTDBY: Validation complete
  Global Name changed to XE
  Thu Aug 16 16:02:51 2012
  Starting background process CJQ0
  Thu Aug 16 16:02:51 2012
  CJQ0 started with pid=25, OS id=2536
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified !
  Thu Aug 16 16:02:57 2012
  Completed: alter database "XE" open resetlogs
  alter database rename global_name to "XE"
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  Completed: alter database rename global_name to "XE"
  Thu Aug 16 16:02:57 2012
  Thread 1 advanced to log sequence 2 (LGWR switch)
  Current log# 2 seq# 2 mem# 0: C:\ORACLEXE\APP\ORACLE\FAST_RECOVERY_AREA\XE\ONLINELOG\O1_MF_2_82TNGRDB_.LOG
  alter database drop logfile group 3
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  Deleted Oracle managed file C:\ORACLEXE\APP\ORACLE\FAST_RECOVERY_AREA\XE\ONLINELOG\O1_MF_3_82TNGSP9_.LOG
  Completed: alter database drop logfile group 3
  ALTER TABLESPACE TEMP ADD TEMPFILE 'C:\oraclexe\app\oracle\oradata\XE\temp.dbf' SIZE 20480K REUSE AUTOEXTEND ON NEXT 640K MAXSIZE UNLIMITED
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  Completed: ALTER TABLESPACE TEMP ADD TEMPFILE 'C:\oraclexe\app\oracle\oradata\XE\temp.dbf' SIZE 20480K REUSE AUTOEXTEND ON NEXT 640K MAXSIZE UNLIMITED
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  ALTER SYSTEM disable restricted session;
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  Thu Aug 16 16:03:02 2012
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  Thu Aug 16 16:03:02 2012
  Errors in file C:\ORACLEXE\APP\ORACLE\diag\rdbms\xe\xe\trace\xe_j003_5264.trc:
  ORA-12012: error on auto execute of job "SYS"."BSLN_MAINTAIN_STATS_JOB"
  ORA-06550: line 1, column 807:
  PLS-00201: identifier 'DBSNMP.BSLN_INTERNAL' must be declared
  ORA-06550: line 1, column 807:
  PL/SQL: Statement ignored
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  Thu Aug 16 16:03:11 2012
  db_recovery_file_dest_size of 10240 MB is 0.98% used. This is a
  user-specified limit on the amount of space that will be used by this
  database for recovery-related files, and does not reflect the amount of
  space available in the underlying filesystem or ASM diskgroup.
  Thu Aug 16 16:03:14 2012
  XDB installed.
  Thu Aug 16 16:03:15 2012
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  XDB initialized.
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  Thu Aug 16 16:03:25 2012
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  Thu Aug 16 16:03:28 2012
  Shutting down instance (immediate)
  Shutting down instance: further logons disabled
  Stopping background process QMNC
  Stopping background process CJQ0
  Stopping background process MMNL
  Stopping background process MMON
  License high water mark = 6
  All dispatchers and shared servers shutdown
  ALTER DATABASE CLOSE NORMAL
  Thu Aug 16 16:03:31 2012
  SMON: disabling tx recovery
  SMON: disabling cache recovery
  Thu Aug 16 16:03:31 2012
  Shutting down archive processes
  Archiving is disabled
  Archive process shutdown avoided: 0 active
  Thread 1 closed at log sequence 2
  Successful close of redo thread 1
  Completed: ALTER DATABASE CLOSE NORMAL
  ALTER DATABASE DISMOUNT
  Completed: ALTER DATABASE DISMOUNT
  ARCH: Archival disabled due to shutdown: 1089
  Shutting down archive processes
  Archiving is disabled
  ARCH: Archival disabled due to shutdown: 1089
  Shutting down archive processes
  Archiving is disabled
  Thu Aug 16 16:03:32 2012
  Stopping background process VKTM
  Thu Aug 16 16:03:35 2012
  Instance shutdown complete
  Thu Aug 16 16:03:37 2012
  Starting ORACLE instance (normal)
  LICENSE_MAX_SESSION = 0
  LICENSE_SESSIONS_WARNING = 0
  Picked latch-free SCN scheme 2
  Using LOG_ARCHIVE_DEST_1 parameter default value as USE_DB_RECOVERY_FILE_DEST
  Autotune of undo retention is turned on.
  IMODE=BR
  ILAT =18
  LICENSE_MAX_USERS = 0
  SYS auditing is disabled
  Starting up:
  Oracle Database 11g Express Edition Release 11.2.0.2.0 - Production.
  Using parameter settings in server-side pfile C:\ORACLEXE\APP\ORACLE\PRODUCT\11.2.0\SERVER\DATABASE\INITXE.ORA
  System parameters with non-default values:
  sessions = 172
  spfile = "C:\ORACLEXE\APP\ORACLE\PRODUCT\11.2.0\SERVER\DBS\SPFILEXE.ORA"
  memory_target = 1G
  control_files = "C:\ORACLEXE\APP\ORACLE\ORADATA\XE\CONTROL.DBF"
  compatible = "11.2.0.0.0"
  db_recovery_file_dest = "C:\oraclexe\app\oracle\fast_recovery_area"
  db_recovery_file_dest_size= 10G
  undo_management = "AUTO"
  undo_tablespace = "UNDOTBS1"
  remote_login_passwordfile= "EXCLUSIVE"
  dispatchers = "(PROTOCOL=TCP) (SERVICE=XEXDB)"
  shared_servers = 4
  job_queue_processes = 4
  audit_file_dest = "C:\ORACLEXE\APP\ORACLE\ADMIN\XE\ADUMP"
  db_name = "XE"
  open_cursors = 300
  diagnostic_dest = "C:\ORACLEXE\APP\ORACLE"
  Thu Aug 16 16:03:48 2012
  PMON started with pid=2, OS id=5692
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified !
  Thu Aug 16 16:03:48 2012
  PSP0 started with pid=3, OS id=5744
  Thu Aug 16 16:03:48 2012
  VKTM started with pid=4, OS id=5576 at elevated priority
  VKTM running at (10)millisec precision with DBRM quantum (100)ms
  Thu Aug 16 16:03:48 2012
  GEN0 started with pid=5, OS id=4756
  Thu Aug 16 16:03:48 2012
  DIAG started with pid=6, OS id=1020
  Thu Aug 16 16:03:48 2012
  DBRM started with pid=7, OS id=5300
  Thu Aug 16 16:03:48 2012
  DIA0 started with pid=8, OS id=5864
  Thu Aug 16 16:03:48 2012
  MMAN started with pid=9, OS id=5636
  Thu Aug 16 16:03:48 2012
  DBW0 started with pid=10, OS id=3564
  Thu Aug 16 16:03:48 2012
  LGWR started with pid=11, OS id=5840
  Thu Aug 16 16:03:48 2012
  CKPT started with pid=12, OS id=5996
  Thu Aug 16 16:03:48 2012
  SMON started with pid=13, OS id=5280
  Thu Aug 16 16:03:48 2012
  RECO started with pid=14, OS id=5512
  Thu Aug 16 16:03:48 2012
  MMON started with pid=15, OS id=3684
  Thu Aug 16 16:03:48 2012
  MMNL started with pid=16, OS id=5104
  Thu Aug 16 16:03:48 2012
  starting up 1 dispatcher(s) for network address '(ADDRESS=(PARTIAL=YES)(PROTOCOL=TCP))'...
  starting up 4 shared server(s) ...
  ORACLE_BASE from environment = C:\oraclexe\app\oracle
  Thu Aug 16 16:03:48 2012
  ALTER DATABASE MOUNT
  Changing di2dbun from to XE
  Successful mount of redo thread 1, with mount id 2672626596
  Database mounted in Exclusive Mode
  Lost write protection disabled
  Completed: ALTER DATABASE MOUNT
  Thu Aug 16 16:03:53 2012
  ALTER DATABASE OPEN
  Thread 1 opened at log sequence 2
  Current log# 2 seq# 2 mem# 0: C:\ORACLEXE\APP\ORACLE\FAST_RECOVERY_AREA\XE\ONLINELOG\O1_MF_2_82TNGRDB_.LOG
  Successful open of redo thread 1
  SMON: enabling cache recovery
  [5776] Successfully onlined Undo Tablespace 2.
  Undo initialization finished serial:0 start:2384085 end:2384865 diff:780 (7 seconds)
  Verifying file header compatibility for 11g tablespace encryption..
  Verifying 11g file header compatibility for tablespace encryption completed
  Thu Aug 16 16:03:59 2012
  SMON: enabling tx recovery
  Database Characterset is AL32UTF8
  Opening with Resource Manager plan: INTERNAL_PLAN_XE
  Thu Aug 16 16:04:00 2012
  Starting background process VKRM
  Thu Aug 16 16:04:00 2012
  VKRM started with pid=22, OS id=5816
  replication_dependency_tracking turned off (no async multimaster replication found)
  Starting background process QMNC
  Thu Aug 16 16:04:03 2012
  QMNC started with pid=24, OS id=4092
  Thu Aug 16 16:04:06 2012
  Completed: ALTER DATABASE OPEN
  Thu Aug 16 16:04:14 2012
  Starting background process CJQ0
  Thu Aug 16 16:04:14 2012
  CJQ0 started with pid=33, OS id=4932
  Thu Aug 16 16:04:17 2012
  db_recovery_file_dest_size of 10240 MB is 0.98% used. This is a
  user-specified limit on the amount of space that will be used by this
  database for recovery-related files, and does not reflect the amount of
  space available in the underlying filesystem or ASM diskgroup.
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified !
  Thu Aug 16 16:04:25 2012
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  Fri Oct 19 15:43:25 2012
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !
  Fri Oct 19 15:43:28 2012
  Fatal NI connect error 12638, connecting to:
  (DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))
  VERSION INFORMATION:
  TNS for 32-bit Windows: Version 11.2.0.2.0 - Production
  Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 11.2.0.2.0 - Production
  Time: 19-OCT-2012 15:43:28
  Tracing not turned on.
  Tns error struct:
  ns main err code: 12638
  TNS-12638: Credential retrieval failed
  ns secondary err code: 0
  nt main err code: 0
  nt secondary err code: 0
  nt OS err code: 0
  OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
  O/S-Error: (OS 1) Incorrect function. !

• Impact on roaming profile accounts if we Change User logon Name to Employee Number format in Active Directory for all User accounts

  I want to understand if we change User logon Name to Employee Number format in Active Directory for all User accounts, then what would be the impact on existing profile. Whether we need to change it manualy or it will connect to same profiles in terminal
  session.
  As i observed it create new profile after logon name changed to employee number where existing users profile settings get fails to load and prompt for new settings (such as outlook reconfiguration, share drive mapping etc.).
  Kindly let me know the proper process to overcome with this, how to connect same existing roaming profile with employee number format change.

  Hi,
  What if we change the user name of user account, will it have impact on roaming profiles.
  Yes, it will affect roaming profiles. Please rename the roaming profile folder as the new user account name, in addition, change the profile path in ADUC.
  Here is an related article below for you:
  How to Rename a Windows 7 User Account and Related Profile Folder
  http://social.technet.microsoft.com/wiki/contents/articles/19834.how-to-rename-a-windows-7-user-account-and-related-profile-folder.aspx
  Best Regards,
  Amy

• UME connected to Active Directory. How to change what fields are available

  I have successfully changed my UME to point to Active Directory. I'll describe process further on in post. My issue now is how to modify what AD fields will be available in UME and what UME fields they'll be 'mapped' to.
  I'll try to describe the process I've gone through so far:
  1) Download the 'dataSourceConfiguration_ads_readonly_db.xml' file from Config Tool
  2) Renamed file and added the following:
      a) in <responsibleFor><principal type="user"> <nameSpaces><nameSpace name="com.sap.security.core.usermanagement"><attributes> section I added a <attribute name="xxx"/> tag for each new field I wanted. 'xxx' is, of course, the name of the field
      b) in <attributeMapping><principals><principal type="user"> <nameSpaces><nameSpace name="com.sap.security.core.usermanagement"><attributes> section I added a <attribute name="xxx"><physicalAttribute name="yyy"/></attribute> tag for each new field I wanted. 'xxx' is, of course, the name of the field in UME and 'yyy' is the field in the LDAP
  Then I uploaded the new file into Config Tool and switched the "Data source configuration file" selection to that new file. Saved the change and restarted the engine.
  When I ran some test code I was getting information back from the user's AD entry. For example, I tested the email field. This is a field that is not maintained in the UME but I got the correct value back so I knew it was getting it from AD.
  Then I wanted to see if I could get one of the new fields. When I ran my test code the user.getXxx() method call returend null.
  Since I knew that getting the e-mail worked I thought I'd change the mapping for the email UME field to point to the 'yyy' field in AD. I did this by making this change:
  <b>FROM:</b>
  <attribute name="email">
      <physicalAttribute name="mail"/>
    </attribute>
  <b>TO:</b>
    <attribute name="email">
      <physicalAttribute name="yyy"/>
    </attribute>
  I then uploaded that new xml file and switched to it in Config Tool. Then I restarted the engine.
  However, when I ran my test code (see below for snippet) it still shows the email value instead of the value of field 'yyy'.
  Any help would be GREATLY appreciated.
  <b>Web Dynpro code snippet:</b>
  String input = "smith";
  IUserFactory userFactory = UMFactory.getUserFactory();
  try {
    IUserSearchFilter searchFilter = userFactory.getUserSearchFilter();
    searchFilter.setLastName(input, ISearchAttribute.LIKE_OPERATOR, false);
    ISearchResult searchResult = userFactory.searchUsers(searchFilter);
    while (searchResult.hasNext()) {
      String userID = (String)searchResult.next();
      IUser user = userFactory.getUser(userID);
      String email = user.getEmail();
  } catch (UMException e1) {
    //error handling

  Update. I uploaded the wrong file the 2nd time. When I changed the XML file to 'bind' theAD field to the 'email' UME field, my code did return the AD value when I did
  user.getEmail();
  However, I'm still not able to get the AD field bound to any other UME field that wasn't part of the default XML file.
  Is there something else I need to do besides adding the tags I described in my original entry?
  Thanks

• CMC Authentication Active Directory Synchronization Updates Drops Users

  We are using SAP Business Objects on a Windows Server 2008 box and have configured single sign-on using Active Directory. We schedule the Active Directory in the Authentication tab to synchronize every day. Yesterday not all of the users updated and actually were dropped from the CMC. We think it was because one of the domain controllers went down for a group of users during the last CMC Active Directory Update. My question is, are there any log files we can look at for the active directory synch to see if there were any errors detected during the synchronization. It would be nice too, to be able to see a list of what actually happened during the Active directory synch like what groups, users and user group associations where added and deleted.
  The result was when the users were dropped we lost any manual security setups and the user lost their favorites and preferences settings because they were dropped. Is there anyway we can insulate our Acitve Directory updates from accidentally dropping users when something goes wrong with the Active Directory Synch Update?
  Any best practices would be greatly appreciated.
  Thanks,
  Bill

  Hi Bill,
  Usually, if a group has been deleted or renamed in the AD controller, the group is deleted from the CMC. If a DC is not available, the group shouldn't have been deleted.
  As far as I know, there are no options for debugging the action of the schedule. If you suspect that this can happen again, you can enable/disable traces on your CMS programming the creation/copy of CMS_trace.ini when the AD graph/alias schedule is going to happen.
  There is an Idea that you can vote to avoid users being deleted when the group is accidentally deleted from the CMC:
  https://cw.sdn.sap.com/cw/ideas/2645
  In the meantime, you can also create Enterprise alias for your AD users, so even if the problem appears again, the security, inboxes and favourites will still be there.
  1401058 - How to create Enterprise aliases for LDAP or AD accounts
  [https://service.sap.com/sap/support/notes/1401058]
  Regards,
  Julian

• OAM and MS Active Directory Integration on Non-Windows Server envrionment

  I will start by saying that I am dealing with a heterogeneous environment here where multiple systems are run by different levels of management. Our Oracle systems chose to go all *nix (Oracle Solaris and Red Hat Linux) and hence we do not have a single Windows Server in our Oracle services area and would really like to keep it that way as we prefer to keep a uniform platform across our Oracle servers.  However, the desktop side of our department has chosen to use Microsoft Active Directory and now we wish to integrate and perform authentication against it for our OAM protected sites.  We are in the initial setup phase but we have no desire to implement a critical server such as OAM on the Windows platform and would rather tie OAM running on a Red Hat Linux server to Active Directory.  We will also be using OID as we run Portal but do not want to use it as our authentication authority for Oracle Products (local policy is that Active Directory is the only valid credential authority on site as we are moving to true Single Sign On across our desktops and web applications).  I have a few questions.
  1. Can it be done natively or would we have to run the Windows version of OAM?
  2. If you must run OAM on Windows to use AD for authentication, Is there some way to setup the Windows version of OAM as sort of an interface for our main OAM server running on Red Hat Linux to do the AD Auth?
  3. Can it be done using some sort of an interface such as Oracle Virtual Directory to interface with the LDAP interface to MS Active Directory?

  Hi David,
  Answers in-line
  1. Can it be done natively or would we have to run the Windows version of OAM?
  You can run all of the OAM Servers on *nix, and simply point to AD as an OAM data source on the machine:port that AD is running on. There is no need for the OAM components to be on Windows.
  2. If you must run OAM on Windows to use AD for authentication, Is there some way to setup the Windows version of OAM as sort of an interface for our main OAM server running on Red Hat Linux to do the AD Auth
  As above, this is not necessary.
  3. Can it be done using some sort of an interface such as Oracle Virtual Directory to interface with the LDAP interface to MS Active Directory?
  Yes, this is entirely possible. Even though it is not necessary in your situation, it often provides more flexibility to front-end the user store with OVD, for example when adding/renaming Windows domains, or specifying specific branches for users and so on.
  Regards,
  Colin